From 266baf2d345b5685678b433b8fcc9b427df7e419 Mon Sep 17 00:00:00 2001
From: Daniel Gustafsson <daniel@yesql.se>
Date: Mon, 13 May 2024 09:11:23 +0200
Subject: [PATCH] websocket: Avoid memory leak in error path

In the errorpath for randstr being too long to copy into the buffer
we leak the randstr when returning CURLE_FAILED_INIT.  Fix by using
an explicit free on randstr in the errorpath.

Closes: #13602
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
---
 lib/ws.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/ws.c b/lib/ws.c
index 86ed5ce17c..6ccf9e65fd 100644
--- a/lib/ws.c
+++ b/lib/ws.c
@@ -718,8 +718,10 @@ CURLcode Curl_ws_request(struct Curl_easy *data, REQTYPE *req)
   if(result)
     return result;
   DEBUGASSERT(randlen < sizeof(keyval));
-  if(randlen >= sizeof(keyval))
+  if(randlen >= sizeof(keyval)) {
+    free(randstr);
     return CURLE_FAILED_INIT;
+  }
   strcpy(keyval, randstr);
   free(randstr);
   for(i = 0; !result && (i < sizeof(heads)/sizeof(heads[0])); i++) {