Memory leak in CURLOPT_XOAUTH2_BEARER

[Tachi107]

I did this

Given the following code:

#include <curl/curl.h>

int main(void) {
  curl_global_init(CURL_GLOBAL_ALL);

  CURL* curl = curl_easy_init();

  curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_BEARER);
  curl_easy_setopt(curl, CURLOPT_XOAUTH2_BEARER, "c4e448d652a961fda0ab64f882c8c161d5985f805d45d80c9ddca108f8e2fde3");
  curl_easy_setopt(curl, CURLOPT_HTTPGET, 1L);
  curl_easy_setopt(curl, CURLOPT_URL, "https://andrea.pappacoda.it");

  for (int i = 0; i < 5; i++) {
    curl_easy_perform(curl);
  }

  curl_easy_cleanup(curl);

  curl_global_cleanup();
}

AddressSanitizer reports a memory leak:

$ cc -g -fsanitize=address main.c $(pkg-config --cflags --libs libcurl) -o asan && ./asan
=================================================================
==41730==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 260 byte(s) in 4 object(s) allocated from:
    #0 0x7f52f54d97a7 in __interceptor_strdup ../../../../src/libsanitizer/asan/asan_interceptors.cpp:454
    #1 0x7f52f54423cd  (/lib/x86_64-linux-gnu/libcurl.so.4+0x673cd)

SUMMARY: AddressSanitizer: 260 byte(s) leaked in 4 allocation(s).

and valgrind does too:

$ cc -g main.c $(pkg-config --cflags --libs libcurl) -o valgrind && valgrind --leak-check=full ./valgrind
==41878== 
==41878== HEAP SUMMARY:
==41878==     in use at exit: 3,710 bytes in 12 blocks
==41878==   total heap usage: 32,937 allocs, 32,925 frees, 3,397,085 bytes allocated
==41878== 
==41878== 260 bytes in 4 blocks are definitely lost in loss record 5 of 8
==41878==    at 0x483F7B5: malloc (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==41878==    by 0x499331A: strdup (strdup.c:42)
==41878==    by 0x48CB3CD: ??? (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.8.0)
==41878==    by 0x48AB9B7: ??? (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.8.0)
==41878==    by 0x48AC81D: curl_multi_perform (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.8.0)
==41878==    by 0x4884AE2: curl_easy_perform (in /usr/lib/x86_64-linux-gnu/libcurl.so.4.8.0)
==41878==    by 0x1092FB: main (main.c:15)
==41878== 
==41878== LEAK SUMMARY:
==41878==    definitely lost: 260 bytes in 4 blocks
==41878==    indirectly lost: 0 bytes in 0 blocks
==41878==      possibly lost: 0 bytes in 0 blocks
==41878==    still reachable: 3,450 bytes in 8 blocks
==41878==         suppressed: 0 bytes in 0 blocks
==41878== Reachable blocks (those to which a pointer was found) are not shown.
==41878== To see them, rerun with: --leak-check=full --show-leak-kinds=all
==41878== 
==41878== For lists of detected and suppressed errors, rerun with: -s
==41878== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)

The size of the leak depends on the value of CURLOPT_XOAUTH2_BEARER; in this example it is 260 because the token is 65 characters long (including '\0') times 4.

I expected the following

Repeatedly performing HTTP requests with the same handle when a bearer token is set with the CURLOPT_XOAUTH2_BEARER option should not leak the token on each request.

curl/libcurl version

curl 7.83.0 (x86_64-pc-linux-gnu) libcurl/7.83.0 OpenSSL/1.1.1o zlib/1.2.11 brotli/1.0.9 zstd/1.5.2 libidn2/2.3.2 libpsl/0.21.0 (+libidn2/2.3.0) libssh2/1.10.0 nghttp2/1.43.0 librtmp/2.3 OpenLDAP/2.5.11
Release-Date: 2022-04-27
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets zstd

operating system

Linux debian 5.17.0-1-amd64 #1 SMP PREEMPT Debian 5.17.3-1 (2022-04-18) x86_64 GNU/Linux

[bagder]

I can reproduce with a new test case. PR pending.