romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-05-30 06:47:28 +03:00
Code Issues Projects Releases Packages Wiki Activity

krb5_gssapi: fix memory leak on error path

Browse source 
If a non-compliant amount of bytes is received, the function would
return error without free.

Reported-by: Joshua Rogers
Closes #18976
This commit is contained in:
Daniel Stenberg 2025-10-09 16:51:55 +02:00
parent 2a2a2e5d10
commit 2c6505e0ef
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
lib/vauth/krb5_gssapi.c
View file

@ -225,6 +225,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
/* Not 4 octets long so fail as per RFC4752 Section 3.1 */
if(output_token.length != 4) {
infof(data, "GSSAPI handshake failure (invalid security data)");
gss_release_buffer(&unused_status, &output_token);
return CURLE_BAD_CONTENT_ENCODING;
}