From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Sat, 18 Oct 2025 16:25:45 +0000 (+0800)
Subject: schannel: fix memory leak
X-Git-Tag: rc-8_17_0-2~21
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=66e3ff5d0e3aa9ded372f540a5f5bfd83238a958;p=thirdparty%2Fcurl.git

schannel: fix memory leak

- Do not leak memory on failed setting algorithm cipher list.

Discovered by ZeroPath.


- Do not free backend->cred after failed AcquireCredentialsHandle.

backend->cred is always freed later, during cleanup.


Closes https://github.com/curl/curl/pull/19118
---

diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index ae5834d843..9b2b1e702e 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -818,6 +818,8 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf,
       result = set_ssl_ciphers(&schannel_cred, ciphers, algIds);
       if(result) {
         failf(data, "schannel: Failed setting algorithm cipher list");
+        if(client_certs[0])
+          CertFreeCertificateContext(client_certs[0]);
         return result;
       }
     }
@@ -845,7 +847,6 @@ schannel_acquire_credential_handle(struct Curl_cfilter *cf,
     char buffer[STRERROR_LEN];
     failf(data, "schannel: AcquireCredentialsHandle failed: %s",
           Curl_sspi_strerror(sspi_status, buffer, sizeof(buffer)));
-    Curl_safefree(backend->cred);
     switch(sspi_status) {
     case SEC_E_INSUFFICIENT_MEMORY:
       return CURLE_OUT_OF_MEMORY;