[2/2] wininet: Stop leaking username and password.

[Hans Leidekker]

diff --git a/dlls/wininet/http.c b/dlls/wininet/http.c
index f9b0e5c..fad2e41 100644
--- a/dlls/wininet/http.c
+++ b/dlls/wininet/http.c
@@ -3518,12 +3518,14 @@ static DWORD HTTPSESSION_SetOption(WININETHANDLEHEADER *hdr, DWORD option, void
     switch(option) {
     case INTERNET_OPTION_USERNAME:
     {
-        if (!(ses->lpszUserName = WININET_strdupW(buffer))) break;
+        HeapFree(GetProcessHeap(), 0, ses->lpszUserName);
+        if (!(ses->lpszUserName = WININET_strdupW(buffer))) return ERROR_OUTOFMEMORY;
         return ERROR_SUCCESS;
     }
     case INTERNET_OPTION_PASSWORD:
     {
-        if (!(ses->lpszPassword = WININET_strdupW(buffer))) break;
+        HeapFree(GetProcessHeap(), 0, ses->lpszPassword);
+        if (!(ses->lpszPassword = WININET_strdupW(buffer))) return ERROR_OUTOFMEMORY;
         return ERROR_SUCCESS;
     }
     default: break;