From 0ac029e1c0e4855ce38d2c6f7cba9c0f9217dcbb Mon Sep 17 00:00:00 2001
From: Kawe Mazidjatari <48657826+Mauler125@users.noreply.github.com>
Date: Mon, 12 Jun 2023 21:36:38 +0200
Subject: [PATCH] Fix CVE-2019-5481

Merge: curl/curl@9069838b30fb3b48af0123e3
---
 r5dev/thirdparty/curl/security.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/r5dev/thirdparty/curl/security.c b/r5dev/thirdparty/curl/security.c
index f4a87634..90ba40c5 100644
--- a/r5dev/thirdparty/curl/security.c
+++ b/r5dev/thirdparty/curl/security.c
@@ -193,7 +193,6 @@ static CURLcode read_data(struct connectdata *conn,
                           struct krb5buffer *buf)
 {
   int len;
-  void *tmp = NULL;
   CURLcode result;
 
   result = socket_read(fd, &len, sizeof(len));
@@ -203,12 +202,11 @@ static CURLcode read_data(struct connectdata *conn,
   if(len) {
     /* only realloc if there was a length */
     len = ntohl(len);
-    tmp = Curl_saferealloc(buf->data, len);
+    buf->data = Curl_saferealloc(buf->data, len);
   }
-  if(tmp == NULL)
+  if(!len || !buf->data)
     return CURLE_OUT_OF_MEMORY;
 
-  buf->data = tmp;
   result = socket_read(fd, buf->data, len);
   if(result)
     return result;