From: Saurav Babu <saurav.babu@samsung.com>
Date: Wed, 20 Jul 2016 09:08:02 +0000 (+0200)
Subject: vauth: Fixed memory leak due to function returning without free
X-Git-Tag: curl-7_50_0~4
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=dcdd4be;p=thirdparty%2Fcurl.git

vauth: Fixed memory leak due to function returning without free

This patch allocates memory to "output_token" only when it is required
so that memory is not leaked if function returns.
---

diff --git a/lib/vauth/digest_sspi.c b/lib/vauth/digest_sspi.c
index c5bb35acac..fc37db0c5c 100644
--- a/lib/vauth/digest_sspi.c
+++ b/lib/vauth/digest_sspi.c
@@ -387,12 +387,6 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
   /* Release the package buffer as it is not required anymore */
   s_pSecFn->FreeContextBuffer(SecurityPackage);
 
-  /* Allocate the output buffer according to the max token size as indicated
-     by the security package */
-  output_token = malloc(token_max);
-  if(!output_token)
-    return CURLE_OUT_OF_MEMORY;
-
   if(userp && *userp) {
     /* Populate our identity structure */
     if(Curl_create_sspi_identity(userp, passwdp, &identity))
@@ -418,11 +412,18 @@ CURLcode Curl_auth_create_digest_http_message(struct Curl_easy *data,
                                               &credentials, &expiry);
   if(status != SEC_E_OK) {
     Curl_sspi_free_identity(p_identity);
-    free(output_token);
 
     return CURLE_LOGIN_DENIED;
   }
 
+  /* Allocate the output buffer according to the max token size as indicated
+     by the security package */
+  output_token = malloc(token_max);
+  if(!output_token) {
+    Curl_sspi_free_identity(p_identity);
+    return CURLE_OUT_OF_MEMORY;
+  }
+
   /* Setup the challenge "input" security buffer if present */
   chlg_desc.ulVersion    = SECBUFFER_VERSION;
   chlg_desc.cBuffers     = 3;