From: Jay Satiro <raysatiro@yahoo.com>
Date: Thu, 21 Jul 2016 02:00:45 +0000 (-0400)
Subject: vauth: Fix memleak by freeing credentials if out of memory
X-Git-Tag: curl-7_50_0~3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c5cffce56e4c6f6c26e82438a61abf85e39cac4a;p=thirdparty%2Fcurl.git

vauth: Fix memleak by freeing credentials if out of memory

This is a follow up to the parent commit dcdd4be which fixes one leak
but creates another by failing to free the credentials handle if out of
memory. Also there's a second location a few lines down where we fail to
do same. This commit fixes both of those issues.
---

diff --git a/lib/vauth/digest_sspi.c b/lib/vauth/digest_sspi.c
index fc37db0c5c..6a7315eb50 100644
--- a/lib/vauth/digest_sspi.c
+++ b/lib/vauth/digest_sspi.c
@@ -420,7 +420,10 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
      by the security package */
   output_token = malloc(token_max);
   if(!output_token) {
+    s_pSecFn->FreeCredentialsHandle(&credentials);
+
     Curl_sspi_free_identity(p_identity);
+
     return CURLE_OUT_OF_MEMORY;
   }
 
@@ -448,6 +451,8 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
 
   spn = Curl_convert_UTF8_to_tchar((char *) uripath);
   if(!spn) {
+    s_pSecFn->FreeCredentialsHandle(&credentials);
+
     Curl_sspi_free_identity(p_identity);
     free(output_token);