[libsoup/ntlm-leaks: 1/2] SoupAuthNTLM: plug a leak in the response processing code

[Claudio Saavedra <csaavedra src gnome org>]

commit 73c09c1f7c143c00fbb1a477aba97c2519b029c8
Author: Claudio Saavedra <csaavedra igalia com>
Date:   Tue Aug 20 11:49:49 2019 +0300

    SoupAuthNTLM: plug a leak in the response processing code
    
    Addresses #156

 libsoup/soup-auth-ntlm.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
---
diff --git a/libsoup/soup-auth-ntlm.c b/libsoup/soup-auth-ntlm.c
index 1663669c..74be8216 100644
--- a/libsoup/soup-auth-ntlm.c
+++ b/libsoup/soup-auth-ntlm.c
@@ -847,15 +847,17 @@ calc_ntlmv2_response (const char *user, const char *domain,
        guchar *nonce_blob, *blob, *p_blob;
        unsigned char nonce_blob_hash[HMAC_MD5_LENGTH];
        unsigned char nonce_client_nonce[16], nonce_client_nonce_hash[HMAC_MD5_LENGTH];
-       gchar *user_domain, *user_domain_conv;
+       gchar *user_uppercase, *user_domain, *user_domain_conv;
        gsize user_domain_conv_sz;
        size_t blob_sz;
        int i;
 
        /* create HMAC-MD5 hash of Unicode uppercase username and Unicode domain */
-       user_domain = g_strconcat ((const gchar *) g_utf8_strup ((const gchar *) user, (gsize) strlen(user)), 
(gchar *) domain, NULL);
+       user_uppercase = g_utf8_strup (user, strlen (user));
+       user_domain = g_strconcat (user_uppercase, domain, NULL);
        user_domain_conv = g_convert (user_domain, -1, "UCS-2LE", "UTF-8", NULL, &user_domain_conv_sz, NULL);
        calc_hmac_md5 (ntv2_hash, nt_hash, nt_hash_sz, (const guchar *)user_domain_conv, user_domain_conv_sz);
+       g_free (user_uppercase);
        g_free (user_domain);
        g_free (user_domain_conv);