s4:kdc:sdb_to_hdb: Fix CID 1665466

Fix:
*** CID 1665466:         Resource leaks  (RESOURCE_LEAK)
/source4/kdc/sdb_to_hdb.c: 482             in sdb_entry_to_hdb_entry()
476     	}
477
478     	h->context = ske;
479     	if (ske != NULL) {
480     		ske->kdc_entry = h;
481     	}
>>>     CID 1665466:         Resource leaks  (RESOURCE_LEAK)
>>>     Variable "kt" going out of scope leaks the storage "kt.val" points to.
482     	return 0;
483     error:
484     	free_hdb_entry(h);
485     	return rc;

This is almost certainly a false positive as when kt.len == 0, kt.val will be
NULL. But changing the condition to kt.val != NULL, will not do any harm.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Sep 25 07:13:28 UTC 2025 on atb-devel-224

diff --git a/source4/kdc/sdb_to_hdb.c b/source4/kdc/sdb_to_hdb.c
index ef02ce5be2a8e299a796802865d22a6f165e5952..83e5547b8a11bfee4a45a8b2b95ce108f74b23a9 100644 (file)
--- a/source4/kdc/sdb_to_hdb.c
+++ b/source4/kdc/sdb_to_hdb.c
@@ -463,16 +463,16 @@ int sdb_entry_to_hdb_entry(krb5_context context,
        if (rc != 0) {
                goto error;
        }
-       if (kt.len > 0) {
+       if (kt.val != NULL && kt.len != 0) {
                HDB_extension ext = {};
                ext.mandatory = FALSE;
                ext.data.element = choice_HDB_extension_data_key_trust;
                ext.data.u.key_trust = kt;
                rc = hdb_replace_extension(context, h, &ext);
-               free_HDB_Ext_KeyTrust(&kt);
-               if (rc != 0) {
-                       goto error;
-               }
+       }
+       free_HDB_Ext_KeyTrust(&kt);
+       if (rc != 0) {
+               goto error;
        }
 
        h->context = ske;