Fixed double-free in the digest authentication handling.

# Found and Reported by Stefan Esser

2 files changed, 8 insertions, 2 deletions

diff --git a/main/SAPI.c b/main/SAPI.c
index e6ce825375..0b9405dab1 100644
--- a/main/SAPI.c
+++ b/main/SAPI.c
@@ -455,7 +455,7 @@ SAPI_API void sapi_initialize_empty_request(TSRMLS_D)
 {
 	SG(server_context) = NULL;
 	SG(request_info).request_method = NULL;
-	SG(request_info).auth_user = SG(request_info).auth_password = NULL;
+	SG(request_info).auth_digest = SG(request_info).auth_user = SG(request_info).auth_password = NULL;
 	SG(request_info).content_type_dup = NULL;
 }
 
diff --git a/main/main.c b/main/main.c
index ef336e03c0..6a792e8bff 100644
--- a/main/main.c
+++ b/main/main.c
@@ -1767,13 +1767,19 @@ PHPAPI int php_handle_auth_data(const char *auth TSRMLS_DC)
 
 	if (ret == -1) {
 		SG(request_info).auth_user = SG(request_info).auth_password = NULL;
+	} else {
+		SG(request_info).auth_digest = NULL;
 	}
 	
-	if (auth && auth[0] != '\0' && strncmp(auth, "Digest ", 7) == 0) {
+	if (ret == -1 && auth && auth[0] != '\0' && strncmp(auth, "Digest ", 7) == 0) {
 		SG(request_info).auth_digest = estrdup(auth);
 		ret = 0;
 	}
 
+	if (ret == -1) {
+		SG(request_info).auth_digest = NULL;
+	}
+
 	return ret;
 }
 /* }}} */