Skip to content

sspi: fix memory leaks on error paths in Curl_create_sspi_identity() #19866

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
vszakats wants to merge 2 commits into from
Closed

sspi: fix memory leaks on error paths in Curl_create_sspi_identity() #19866

vszakats wants to merge 2 commits into from

Conversation

@vszakats
Copy link
Member

@vszakats vszakats commented Dec 7, 2025
edited
Loading

Detected by Windows torture test 1072 (with -shallow=20/13),
test 579 (with -shallow=18/14/13), and test 1286 (with -shallow=15).

** MEMORY FAILURE
Leak detected: memory still allocated: 20 bytes
At 1a1e8136328, there is 18 bytes.
 allocated by D:/a/curl/curl/lib/curl_sspi.c:133
At 1a1e8139368, there is 2 bytes.
 allocated by D:/a/curl/curl/lib/curl_sspi.c:143
 1072: torture FAILED: function number 207 in test.
 invoke with "-t207" to repeat this single case.
Warning: http2 server unexpectedly alive

Ref: https://github.com/curl/curl/actions/runs/20008523913/job/57374427439?pr=19865

Also simplify the code a little.

Cherry-picked from #19865

@vszakats
try 1072
6ca7740 
** MEMORY FAILURE
Leak detected: memory still allocated: 20 bytes
At 1a1e8136328, there is 18 bytes.
 allocated by D:/a/curl/curl/lib/curl_sspi.c:133
At 1a1e8139368, there is 2 bytes.
 allocated by D:/a/curl/curl/lib/curl_sspi.c:143
 1072: torture FAILED: function number 207 in test.
 invoke with "-t207" to repeat this single case.
Warning: http2 server unexpectedly alive

https://github.com/curl/curl/actions/runs/20008523913/job/57374427439?pr=19865
@vszakats
try simplify
4711bb4
@vszakats vszakats added memory-leak Windows Windows-specific labels Dec 7, 2025
@vszakats vszakats mentioned this pull request Dec 7, 2025
Closed
2 tasks
@vszakats vszakats changed the title sspi: fix memory leak on error paths sspi: fix memory leaks on error paths Dec 7, 2025
@vszakats vszakats requested a review from Copilot December 7, 2025 21:26
Copilot AI reviewed Dec 7, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes memory leaks in the SSPI authentication code that were detected during Windows torture testing. The leaks occurred when error conditions were encountered after successful memory allocations, but before the function could complete.

Key Changes:

  • Added missing curlx_free() calls for dup_user and dup_domain on all error paths after they are allocated
  • Moved identity structure assignments to the end of the function, after all error paths, simplifying the code and ensuring proper cleanup on failures
  • Ensures all allocated resources are properly freed before returning error codes

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@vszakats vszakats changed the title sspi: fix memory leaks on error paths sspi: fix memory leaks on error paths in Curl_create_sspi_identity() Dec 8, 2025
@vszakats vszakats closed this in 121c540 Dec 8, 2025
@vszakats vszakats deleted the sspileak branch December 8, 2025 09:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

authentication memory-leak Windows Windows-specific

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vszakats