
Lots of undefined behavior in malloc / FreeContextBuffer combination #18587

@MegaManSec

Description

I did this

FreeContextBuffer (SSPI) must only be used on buffers that were allocated by SSPI/security packages (e.g., results from EnumerateSecurityPackages, QueryContextAttributes, QuerySecurityPackageInfo, and so on).

In lib/socks_sspi.c, for example, we have the following code:

    sspi_recv_token.pvBuffer = malloc(us_length);

which is then freed with:

    if(sspi_recv_token.pvBuffer)
      Curl_pSecFn->FreeContextBuffer(sspi_recv_token.pvBuffer);

There are a lot of these occurrences throughout the source code (ok, not sooo many), and they should be updated to use the proper allocate/free methods.

I expected the following

memory allocated in the same way it's freed

curl/libcurl version

curl 8.2.0

operating system

Windows
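The defect in the report is an allocator/deallocator mismatch: memory from `malloc()` must go back to `free()`, and only memory handed out by a security package may be released with `FreeContextBuffer`. The following is an added, portable C example and is not curl's code; SSPI is not available off Windows, so a counter-backed `mock_package_alloc`/`mock_FreeContextBuffer` pair (both constructed here) stands in for the package's allocator, and a constructed `owner` tag on the buffer struct records which allocator produced `pvBuffer` so the release routine can refuse a mismatched free instead of invoking undefined behaviour. The real `SecBuffer` has no such tag, which is exactly why the code owning the buffer has to keep the pairing straight.

```c
#include <stdio.h>
#include <stdlib.h>

/* Which allocator produced a buffer. Constructed for this example; the real
   SSPI SecBuffer carries no such field. */
enum buf_owner { OWNER_NONE = 0, OWNER_LIBC, OWNER_SSPI };

struct sec_buffer {
  void *pvBuffer;         /* same field name as SSPI's SecBuffer */
  unsigned long cbBuffer;
  enum buf_owner owner;   /* constructed: remembers who allocated pvBuffer */
};

/* Mock of a security-package allocation. In the real API such memory comes
   back from calls like QueryContextAttributes and must be returned with
   FreeContextBuffer; here a counter stands in for the package's own heap so
   that leaks or double releases on that side are visible. */
static int mock_sspi_outstanding = 0;

static void *mock_package_alloc(unsigned long n) {
  void *p = malloc(n ? n : 1);
  if (p)
    mock_sspi_outstanding++;
  return p;
}

static void mock_FreeContextBuffer(void *p) {
  if (p)
    mock_sspi_outstanding--;
  free(p);
}

int mock_sspi_live_count(void) { return mock_sspi_outstanding; }

/* A release is valid only when it uses the routine matching the allocator. */
int pairing_is_valid(enum buf_owner allocated_by, enum buf_owner freed_by) {
  return allocated_by != OWNER_NONE && allocated_by == freed_by;
}

/* Allocate with the requested allocator and record the owner. 0 on success. */
int secbuf_alloc(struct sec_buffer *b, enum buf_owner how, unsigned long n) {
  b->pvBuffer = (how == OWNER_SSPI) ? mock_package_alloc(n) : malloc(n ? n : 1);
  if (!b->pvBuffer) {
    b->cbBuffer = 0;
    b->owner = OWNER_NONE;
    return -1;
  }
  b->cbBuffer = n;
  b->owner = how;
  return 0;
}

/* Release with the routine the caller intends to use. On a mismatch the
   buffer is left intact and -1 is returned, because freeing it with the wrong
   routine would be undefined behaviour. 0 on success or when already empty. */
int secbuf_release(struct sec_buffer *b, enum buf_owner with) {
  if (!b->pvBuffer)
    return 0;
  if (!pairing_is_valid(b->owner, with))
    return -1;
  if (with == OWNER_SSPI)
    mock_FreeContextBuffer(b->pvBuffer);
  else
    free(b->pvBuffer);
  b->pvBuffer = NULL;
  b->cbBuffer = 0;
  b->owner = OWNER_NONE;
  return 0;
}

int main(void) {
  struct sec_buffer recv_token;

  /* The pattern from the report: a malloc'd buffer... */
  if (secbuf_alloc(&recv_token, OWNER_LIBC, 64) != 0)
    return 1;
  /* ...offered to the package's free routine. The wrapper refuses. */
  if (secbuf_release(&recv_token, OWNER_SSPI) != 0)
    printf("mismatch refused: a malloc'd buffer must go to free()\n");
  /* The matching release succeeds and clears the buffer. */
  secbuf_release(&recv_token, OWNER_LIBC);

  /* A package-owned buffer goes back through FreeContextBuffer. */
  secbuf_alloc(&recv_token, OWNER_SSPI, 32);
  secbuf_release(&recv_token, OWNER_SSPI);
  printf("package buffers still outstanding: %d\n", mock_sspi_live_count());
  return 0;
}
```

In curl's case the fix is simply to call `free()` on the `malloc`'d token buffer (and to reserve `FreeContextBuffer` for memory the package returned); the ownership tag above is a review aid for spotting which of the two a given buffer needs, not something to add to production structs.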

Labels: Windows (Windows-specific)