NTLM: fix several NTLM code paths memory leaks

2024-11-21 01:16:58 +08:00 · 2013-03-24 04:47:57 +01:00 · 2013-03-24 04:47:57 +01:00 · acafe9c160
commit acafe9c160
parent 8ec2cb5544
3 changed files with 16 additions and 13 deletions
--- a/lib/curl_ntlm.c
+++ b/lib/curl_ntlm.c
@ -5,7 +5,7 @@
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@ -181,7 +181,6 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
    /* Create a type-1 message */
    error = Curl_ntlm_create_type1_message(userp, passwdp, ntlm, &base64,
                                           &len);
-
    if(error)
      return error;

@ -190,8 +189,10 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
      *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
                              proxy ? "Proxy-" : "",
                              base64);
-      DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
      free(base64);
+      if(!*allocuserpwd)
+        return CURLE_OUT_OF_MEMORY;
+      DEBUG_OUT(fprintf(stderr, "**** Header %s\n ", *allocuserpwd));
    }
    break;

@ -207,8 +208,10 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
      *allocuserpwd = aprintf("%sAuthorization: NTLM %s\r\n",
                              proxy ? "Proxy-" : "",
                              base64);
-      DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));
      free(base64);
+      if(!*allocuserpwd)
+        return CURLE_OUT_OF_MEMORY;
+      DEBUG_OUT(fprintf(stderr, "**** %s\n ", *allocuserpwd));

      ntlm->state = NTLMSTATE_TYPE3; /* we send a type-3 */
      authp->done = TRUE;
@ -218,10 +221,7 @@ CURLcode Curl_output_ntlm(struct connectdata *conn,
  case NTLMSTATE_TYPE3:
    /* connection is already authenticated,
     * don't send a header in future requests */
-    if(*allocuserpwd) {
-      free(*allocuserpwd);
-      *allocuserpwd = NULL;
-    }
+    Curl_safefree(*allocuserpwd);
    authp->done = TRUE;
    break;
  }
--- a/lib/http.c
+++ b/lib/http.c
@ -1739,8 +1739,11 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
    conn->bits.authneg = FALSE;

  Curl_safefree(conn->allocptr.ref);
-  if(data->change.referer && !Curl_checkheaders(data, "Referer:"))
+  if(data->change.referer && !Curl_checkheaders(data, "Referer:")) {
    conn->allocptr.ref = aprintf("Referer: %s\r\n", data->change.referer);
+    if(!conn->allocptr.ref)
+      return CURLE_OUT_OF_MEMORY;
+  }
  else
    conn->allocptr.ref = NULL;

--- a/lib/url.c
+++ b/lib/url.c
@ -2523,13 +2523,13 @@ CURLcode Curl_disconnect(struct connectdata *conn, bool dead_connection)
        data->state.authproxy.want;
    }

-    if(has_host_ntlm || has_proxy_ntlm) {
+    if(has_host_ntlm || has_proxy_ntlm)
      data->state.authproblem = FALSE;
-
-      Curl_http_ntlm_cleanup(conn);
-    }
  }

+  /* Cleanup NTLM connection-related data */
+  Curl_http_ntlm_cleanup(conn);
+
  /* Cleanup possible redirect junk */
  if(data->req.newurl) {
    free(data->req.newurl);