From d7e4473806daec96a66758690d1fb01709558756 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 3 Mar 2026 22:57:46 +0100
Subject: [PATCH] tool_doswin: avoid memory-leak with CURL_FN_SANITIZE_*

This is debug-only code

Follow-up to 20900e4a1e3

Found by Codex Security

Closes #20804
---
 src/tool_doswin.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/tool_doswin.c b/src/tool_doswin.c
index 2f7630059c..c56a41d081 100644
--- a/src/tool_doswin.c
+++ b/src/tool_doswin.c
@@ -512,10 +512,14 @@ SANITIZEcode sanitize_file_name(char ** const sanitized, const char *file_name,
   }
 
 #ifdef DEBUGBUILD
-  if(getenv("CURL_FN_SANITIZE_BAD"))
+  if(getenv("CURL_FN_SANITIZE_BAD")) {
+    curlx_free(target);
     return SANITIZE_ERR_INVALID_PATH;
-  if(getenv("CURL_FN_SANITIZE_OOM"))
+  }
+  if(getenv("CURL_FN_SANITIZE_OOM")) {
+    curlx_free(target);
     return SANITIZE_ERR_OUT_OF_MEMORY;
+  }
 #endif
 
   *sanitized = target;