smtp_done: free data before returning (on send failure)

... as otherwise it could leak that memory.

Detected by OSS-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3600

Assisted-by: Max Dymond
Closes #1977

diff --git a/lib/smtp.c b/lib/smtp.c
index de2dd33563342b6ac86ed500d29f4fdf836ef2d5..08d8148a3c287fe8d22119f427a01feca579eba1 100644 (file)
--- a/lib/smtp.c
+++ b/lib/smtp.c
@@ -1188,6 +1188,9 @@ static CURLcode smtp_done(struct connectdata *conn, CURLcode status,
   if(!smtp || !pp->conn)
     return CURLE_OK;
 
+  /* Cleanup our per-request based variables */
+  Curl_safefree(smtp->custom);
+
   if(status) {
     connclose(conn, "SMTP done with bad status"); /* marked for closure */
     result = status;         /* use the already set error code */
@@ -1246,9 +1249,6 @@ static CURLcode smtp_done(struct connectdata *conn, CURLcode status,
     result = smtp_block_statemach(conn);
   }
 
-  /* Cleanup our per-request based variables */
-  Curl_safefree(smtp->custom);
-
   /* Clear the transfer mode for the next request */
   smtp->transfer = FTPTRANSFER_BODY;