From: Isaac Boukris <iboukris@gmail.com>
Date: Fri, 21 Jul 2017 23:00:46 +0000 (+0300)
Subject: gssapi: fix memory leak of output token in multi round context
X-Git-Tag: curl-7_55_0~12
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0b11660234c4f9bbea7308402ad739dc3f153b08;p=curl

gssapi: fix memory leak of output token in multi round context

When multiple rounds are needed to establish a security context
(usually ntlm), we overwrite old token with a new one without free.
Found by proposed gss tests using stub a gss implementation (by
valgrind error), though I have confirmed the leak with a real
gssapi implementation as well.

Closes https://github.com/curl/curl/pull/1733
---

diff --git a/lib/vauth/spnego_gssapi.c b/lib/vauth/spnego_gssapi.c
index 8840db8fd..5196c2704 100644
--- a/lib/vauth/spnego_gssapi.c
+++ b/lib/vauth/spnego_gssapi.c
@@ -180,6 +180,10 @@ CURLcode Curl_auth_decode_spnego_message(struct Curl_easy *data,
     return CURLE_OUT_OF_MEMORY;
   }
 
+  /* Free previous token */
+  if(nego->output_token.length && nego->output_token.value)
+    gss_release_buffer(&unused_status, &nego->output_token);
+
   nego->output_token = output_token;
 
   return CURLE_OK;