From: Yang Tse <yangsita@gmail.com>
Date: Sun, 24 Mar 2013 03:47:57 +0000 (+0100)
Subject: NTLM: fix several NTLM code paths memory leaks
X-Git-Tag: curl-7_30_0~79
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=acafe9c160e6c299d48d72ab93fdb7abfcbf3ed2;p=thirdparty%2Fcurl.git

NTLM: fix several NTLM code paths memory leaks
---

diff --git a/lib/curl_ntlm.c b/lib/curl_ntlm.c
index 72e446c8fd..4d126a573e 100644
--- a/lib/curl_ntlm.c
+++ b/lib/curl_ntlm.c
@@ -5,7 +5,7 @@
  *                            | (__| |_| |  _ <| |___
  *                             \___|\___/|_| \_\_____|
  *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
  *
  * This software is licensed as described in the file COPYING, which
  * you should have received as part of this distribution. The terms
@@ -181,7 +181,6 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
     /* Create a type-1 message */
     error = Curl_ntlm_create_type1_message(userp, passwdp, ntlm, &base64,
                                            &len);
-
     if(error)
       return error;
 
@@ -190,8 +189,10 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
       *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
                               proxy ? "Proxy-" : "",
                               base64);
-      DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
       free(base64);
+      if(!*allocuserpwd)
+        return CURLE_OUT_OF_MEMORY;
+      DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
     }
     break;
 
@@ -207,8 +208,10 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
       *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
                               proxy ? "Proxy-" : "",
                               base64);
-      DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
       free(base64);
+      if(!*allocuserpwd)
+        return CURLE_OUT_OF_MEMORY;
+      DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
 
       ntlm->state = NTLMSTATE_TYPE3; /* we send a type-3 */
       authp->done = TRUE;
@@ -218,10 +221,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
   case NTLMSTATE_TYPE3:
     /* connection is already authenticated,
      * don't send a header in future requests */
-    if(*allocuserpwd) {
-      free(*allocuserpwd);
-      *allocuserpwd = NULL;
-    }
+    Curl_safefree(*allocuserpwd);
     authp->done = TRUE;
     break;
   }
diff --git a/lib/http.c b/lib/http.c
index 0ba11133ff..f4b7a48e71 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -1739,8 +1739,11 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
     conn->bits.authneg = FALSE;
 
   Curl_safefree(conn->allocptr.ref);
-  if(data->change.referer && !Curl_checkheaders(data, "Referer:"))
+  if(data->change.referer && !Curl_checkheaders(data, "Referer:")) {
     conn->allocptr.ref = aprintf("Referer: %s\r\n", data->change.referer);
+    if(!conn->allocptr.ref)
+      return CURLE_OUT_OF_MEMORY;
+  }
   else
     conn->allocptr.ref = NULL;
 
diff --git a/lib/url.c b/lib/url.c
index e401ca3639..8c8f8b07c3 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2523,13 +2523,13 @@ CURLcode Curl_disconnect(struct connectdata *conn, bool dead_connection)
         data->state.authproxy.want;
     }
 
-    if(has_host_ntlm || has_proxy_ntlm) {
+    if(has_host_ntlm || has_proxy_ntlm)
       data->state.authproblem = FALSE;
-
-      Curl_http_ntlm_cleanup(conn);
-    }
   }
 
+  /* Cleanup NTLM connection-related data */
+  Curl_http_ntlm_cleanup(conn);
+
   /* Cleanup possible redirect junk */
   if(data->req.newurl) {
     free(data->req.newurl);