Change #270838
| Category | curl |
| Changed by | Daniel Stenberg <daniel@haxx.se> |
| Changed at | Sat 13 Jun 2026 23:18:59 |
| Repository | https://github.com/curl/curl.git |
| Project | curl |
| Branch | master |
| Revision | 8d3c4fe344d982c052917f20084c14001c3b9156 |
Comments
sspi: free libcurl allocated memory with curlx_free DecryptMessage() decrypts the buffer in place, overwriting the original contents. It does not allocate any new buffer so the single original buffer should be freed using the same memory "system" that allocated it. Reported-by: Trail of Bits Closes #21990
Changed files
- lib/socks_sspi.c
- lib/vauth/krb5_sspi.c