From 9c0993d97b4731f695ab1d3815260f801b3634df Mon Sep 17 00:00:00 2001
From: Will Fiveash <will.fiveash@oracle.com>
Date: Sat, 16 Jul 2016 14:04:29 -0700
Subject: [PATCH] Fix memory leak in mutt_sasl_cb_pass.

SASL doesn't free the sasl_secret_t, so this was leaking.  Instead,
keep our own pointer to it, and safe_realloc() each time.

sasl_secret_t doesn't need the data field null terminated, so memcpy
the password over.
---
 mutt_sasl.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/mutt_sasl.c b/mutt_sasl.c
index 267a59a6a..d99ba7260 100644
--- a/mutt_sasl.c
+++ b/mutt_sasl.c
@@ -84,6 +84,8 @@ static int getnameinfo_err(int ret)
 
 static sasl_callback_t mutt_sasl_callbacks[5];
 
+static sasl_secret_t *secret_ptr = NULL;
+
 static int mutt_sasl_start (void);
 
 /* callbacks */
@@ -445,9 +447,10 @@ static int mutt_sasl_cb_pass (sasl_conn_t* conn, void* context, int id,
 
   len = strlen (account->pass);
 
-  *psecret = (sasl_secret_t*) safe_malloc (sizeof (sasl_secret_t) + len);
-  (*psecret)->len = len;
-  strcpy ((char*)(*psecret)->data, account->pass);	/* __STRCPY_CHECKED__ */
+  safe_realloc (&secret_ptr, sizeof (sasl_secret_t) + len);
+  memcpy ((char *) secret_ptr->data, account->pass, (size_t) len);
+  secret_ptr->len = len;
+  *psecret = secret_ptr;
 
   return SASL_OK;
 }
-- 
2.50.1