From 99ead4e0f0e8efa5ff838d933c4da39d6da12c60 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 14 Apr 2026 10:56:39 +0200
Subject: [PATCH] request: cleanup the auth headers on soft rest as well

To avoid the risk them lingering around.

Follow-up to 3512b673ddc54074676d

Closes #21311
---
 lib/request.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/request.c b/lib/request.c
index 32499d7f6b..a76c1a9b6c 100644
--- a/lib/request.c
+++ b/lib/request.c
@@ -65,6 +65,11 @@ CURLcode Curl_req_soft_reset(struct SingleRequest *req,
   req->httpversion = 0;
   req->sendbuf_hds_len = 0;
 
+  curlx_safefree(req->userpwd);
+#ifndef CURL_DISABLE_PROXY
+  curlx_safefree(req->proxyuserpwd);
+#endif
+
   result = Curl_client_start(data);
   if(result)
     return result;