From 29dfc0238caea63ba128404c2de069a2aa3651fa Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 23 Mar 2026 15:04:21 +0100
Subject: [PATCH] tool_getparam: use correct free function for libcurl memory

Memory returned from curl_easy_escape() should be fred with curl_free()
to avoid surprises.

Follow-up to f37840a46e5eddaf109c16fa7

Spotted by Codex Security
Closes #21075
---
 src/tool_getparam.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index eac6cafd0c..791a55c790 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -727,7 +727,11 @@ static ParameterError data_urlencode(const char *nextarg,
         size = curlx_dyn_len(&dyn);
       }
       else {
-        n = enc;
+        /* make sure we return "our memory" */
+        n = curlx_strdup(enc);
+        curl_free(enc);
+        if(!n)
+          return PARAM_NO_MEM;
         size = strlen(n);
       }
       postdata = n;