luo980/curl
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
58845f2e2e
curl/lib/vauth
History
Isaac Boukris 0b11660234
gssapi: fix memory leak of output token in multi round context 
When multiple rounds are needed to establish a security context
(usually ntlm), we overwrite old token with a new one without free.
Found by proposed gss tests using stub a gss implementation (by
valgrind error), though I have confirmed the leak with a real
gssapi implementation as well.

Closes https://github.com/curl/curl/pull/1733
2017-08-05 00:23:24 +02:00
..
cleartext.c Limit ASN.1 structure sizes to 256K. Prevent some allocation size overflows. 2016-11-24 14:28:39 +01:00
cram.c internals: rename the SessionHandle struct to Curl_easy 2016-06-22 10:28:41 +02:00
digest_sspi.c spelling fixes 2017-03-26 23:56:23 +02:00
digest.c rand: treat fake entropy the same regardless of endianness 2017-05-08 23:24:29 +02:00
digest.h URLs: change http to https in many places 2016-04-06 11:58:34 +02:00
krb5_gssapi.c spelling fixes 2017-03-26 23:56:23 +02:00
krb5_sspi.c spelling fixes 2017-03-26 23:56:23 +02:00
ntlm_sspi.c vauth: Added check for supported SSPI based authentication mechanisms 2016-08-21 10:27:09 +01:00
ntlm.c rand: treat fake entropy the same regardless of endianness 2017-05-08 23:24:29 +02:00
ntlm.h use *.sourceforge.io and misc URL updates 2017-02-06 19:21:05 +00:00
oauth2.c internals: rename the SessionHandle struct to Curl_easy 2016-06-22 10:28:41 +02:00
spnego_gssapi.c gssapi: fix memory leak of output token in multi round context 2017-08-05 00:23:24 +02:00
spnego_sspi.c sspi: print out InitializeSecurityContext() error message 2017-04-07 08:49:20 +02:00
vauth.c sasl: Don't use GSSAPI authentication when domain name not specified 2016-08-21 11:56:23 +01:00
vauth.h sasl: Don't use GSSAPI authentication when domain name not specified 2016-08-21 11:56:23 +01:00