diff --git a/lib/vauth/krb5_gssapi.c b/lib/vauth/krb5_gssapi.c index 0e0db5bc4a..8e1ea827b7 100644 --- a/lib/vauth/krb5_gssapi.c +++ b/lib/vauth/krb5_gssapi.c @@ -113,7 +113,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data, free(spn); } - if(chlg64 && strlen(chlg64)) { + if(chlg64 && *chlg64) { /* Decode the base-64 encoded challenge message */ if(*chlg64 != '=') { result = Curl_base64_decode(chlg64, &chlg, &chlglen); @@ -144,6 +144,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data, mutual_auth, NULL); + /* Free the decoded challenge as it is not required anymore */ free(input_token.value); if(GSS_ERROR(major_status)) { diff --git a/lib/vauth/krb5_sspi.c b/lib/vauth/krb5_sspi.c index 605933197b..8ba2662225 100644 --- a/lib/vauth/krb5_sspi.c +++ b/lib/vauth/krb5_sspi.c @@ -113,6 +113,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data, } if(!krb5->credentials) { + /* Do we have credientials to use or are we using single sign-on? */ if(userp && *userp) { /* Populate our identity structure */ result = Curl_create_sspi_identity(userp, passwdp, &krb5->identity); @@ -151,7 +152,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data, memset(krb5->context, 0, sizeof(CtxtHandle)); } - if(chlg64 && strlen(chlg64)) { + if(chlg64 && *chlg64) { /* Decode the base-64 encoded challenge message */ if(*chlg64 != '=') { result = Curl_base64_decode(chlg64, &chlg, &chlglen); @@ -195,9 +196,10 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data, &resp_desc, &attrs, &expiry); - if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) { - free(chlg); + /* Free the decoded challenge as it is not required anymore */ + free(chlg); + if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) { return CURLE_RECV_ERROR; } @@ -218,9 +220,6 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data, result = CURLE_OUT_OF_MEMORY; } - /* Free the decoded challenge */ - free(chlg); - return result; }