websocket: Avoid memory leak in error path

In the errorpath for randstr being too long to copy into the buffer
we leak the randstr when returning CURLE_FAILED_INIT.  Fix by using
an explicit free on randstr in the errorpath.

Closes: #13602
Reviewed-by: Daniel Stenberg <daniel@haxx.se>

diff --git a/lib/ws.c b/lib/ws.c
index 86ed5ce17c298ea8145f6f47d48f2feb15455a3b..6ccf9e65fd32df6ece9d36265ddebe7b407e52be 100644 (file)
--- a/lib/ws.c
+++ b/lib/ws.c
@@ -718,8 +718,10 @@ CURLcode Curl_ws_request(struct Curl_easy *data, REQTYPE *req)
   if(result)
     return result;
   DEBUGASSERT(randlen < sizeof(keyval));
-  if(randlen >= sizeof(keyval))
+  if(randlen >= sizeof(keyval)) {
+    free(randstr);
     return CURLE_FAILED_INIT;
+  }
   strcpy(keyval, randstr);
   free(randstr);
   for(i = 0; !result && (i < sizeof(heads)/sizeof(heads[0])); i++) {