sspi: Synchronization of cleanup code between auth mechanisms

lib/curl_ntlm_msgs.c

@@ -341,25 +341,30 @@ CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
 #ifdef USE_WINDOWS_SSPI
 void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm)
 {
-  Curl_safefree(ntlm->input_token);
+  /* Free our security context */
-
   if(ntlm->context) {
     s_pSecFn->DeleteSecurityContext(ntlm->context);
     free(ntlm->context);
     ntlm->context = NULL;
   }
 
+  /* Free our credentials handle */
   if(ntlm->credentials) {
     s_pSecFn->FreeCredentialsHandle(ntlm->credentials);
     free(ntlm->credentials);
     ntlm->credentials = NULL;
   }
 
-  ntlm->token_max = 0;
+  /* Free our identity */
-  Curl_safefree(ntlm->output_token);
-
   Curl_sspi_free_identity(ntlm->p_identity);
   ntlm->p_identity = NULL;
+
+  /* Free the input and output tokens */
+  Curl_safefree(ntlm->input_token);
+  Curl_safefree(ntlm->output_token);
+
+  /* Reset any variables */
+  ntlm->token_max = 0;
 }
 #endif
 

lib/http_negotiate_sspi.c

@@ -258,25 +258,30 @@ CURLcode Curl_output_negotiate(struct connectdata *conn, bool proxy)
 
 static void cleanup(struct negotiatedata *neg_ctx)
 {
+  /* Free our security context */
   if(neg_ctx->context) {
     s_pSecFn->DeleteSecurityContext(neg_ctx->context);
     free(neg_ctx->context);
     neg_ctx->context = NULL;
   }
 
+  /* Free our credentials handle */
   if(neg_ctx->credentials) {
     s_pSecFn->FreeCredentialsHandle(neg_ctx->credentials);
     free(neg_ctx->credentials);
     neg_ctx->credentials = NULL;
   }
 
-  neg_ctx->token_max = 0;
+  /* Free our identity */
-  Curl_safefree(neg_ctx->output_token);
-
-  Curl_safefree(neg_ctx->server_name);
-
   Curl_sspi_free_identity(neg_ctx->p_identity);
   neg_ctx->p_identity = NULL;
+
+  /* Free the SPN and output token */
+  Curl_safefree(neg_ctx->server_name);
+  Curl_safefree(neg_ctx->output_token);
+
+  /* Reset any variables */
+  neg_ctx->token_max = 0;
 }
 
 void Curl_cleanup_negotiate(struct SessionHandle *data)