gsasl: fix potential double free

Also:
- require libgsasl 1.6.0+ (2010-12-14) for a `gsasl_finish()` that
  handles a NULL argument.
  Ref: b550032df8

Reported-by: Joshua Rogers (Aisle Research)

Closes #21609
Viktor Szakats 2026-05-14 14:35:21 +02:00
parent eb9b253d66
commit 3da249e1f0
2 changed files with 6 additions and 0 deletions


@ -30,6 +30,7 @@ We aim to support these or later versions.
- c-ares 1.16.0 (2020-03-13)
- GnuTLS 3.6.5 (2018-12-01)
- libidn2 2.0.0 (2017-03-29)
- libgsasl 1.6.0 (2010-12-14)
- LibreSSL 2.9.1 (2019-04-22)
- libssh 0.9.0 (2019-06-28)
- libssh2 1.9.0 (2019-06-20)


@ -32,6 +32,10 @@
#include <gsasl.h>
#if GSASL_VERSION_NUMBER < 0x010600
#error "requires libgsasl 1.6.0+"
#endif
bool Curl_auth_gsasl_is_supported(struct Curl_easy *data,
const char *mech,
struct gsasldata *gsasl)
@ -47,6 +51,7 @@ bool Curl_auth_gsasl_is_supported(struct Curl_easy *data,
res = gsasl_client_start(gsasl->ctx, mech, &gsasl->client);
if(res != GSASL_OK) {
gsasl_done(gsasl->ctx);
gsasl->ctx = NULL;
return FALSE;
}
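Review bot: The `gsasl->ctx = NULL;` reset in the `gsasl_client_start()` failure branch has no comment saying why it is needed, so a later tidy-up could drop it as redundant and reintroduce the double free. I would add `/* ctx was freed by gsasl_done(); clear it so a later cleanup does not free it again */` above that line. The same branch leaves `gsasl->client` untouched, and the commit message relies on `gsasl_finish()` accepting NULL, so this presumably assumes the field is still NULL when `gsasl_client_start()` fails; it is worth confirming that or adding `gsasl->client = NULL;` next to the ctx reset. The start of `Curl_auth_gsasl_is_supported()` and the cleanup routine are outside the hunk, so both points are inferred from the visible lines and the commit message.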