From: Gary Lockyer <gary@catalyst.net.nz>
Date: Sun, 21 Sep 2025 21:04:02 +0000 (+1200)
Subject: s4:kdc:sdb_to_hdb: Fix CID 1665466
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b36c49e43e92552425523deb68d355fc8c3a88fe;p=thirdparty%2Fsamba.git

s4:kdc:sdb_to_hdb: Fix CID 1665466

Fix:
*** CID 1665466:         Resource leaks  (RESOURCE_LEAK)
/source4/kdc/sdb_to_hdb.c: 482             in sdb_entry_to_hdb_entry()
476     	}
477
478     	h->context = ske;
479     	if (ske != NULL) {
480     		ske->kdc_entry = h;
481     	}
>>>     CID 1665466:         Resource leaks  (RESOURCE_LEAK)
>>>     Variable "kt" going out of scope leaks the storage "kt.val" points to.
482     	return 0;
483     error:
484     	free_hdb_entry(h);
485     	return rc;

This is almost certainly a false positive as when kt.len == 0, kt.val will be
NULL. But changing the condition to kt.val != NULL, will not do any harm.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>

Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Sep 25 07:13:28 UTC 2025 on atb-devel-224
---

diff --git a/source4/kdc/sdb_to_hdb.c b/source4/kdc/sdb_to_hdb.c
index ef02ce5be2a..83e5547b8a1 100644
--- a/source4/kdc/sdb_to_hdb.c
+++ b/source4/kdc/sdb_to_hdb.c
@@ -463,16 +463,16 @@ int sdb_entry_to_hdb_entry(krb5_context context,
 	if (rc != 0) {
 		goto error;
 	}
-	if (kt.len > 0) {
+	if (kt.val != NULL && kt.len != 0) {
 		HDB_extension ext = {};
 		ext.mandatory = FALSE;
 		ext.data.element = choice_HDB_extension_data_key_trust;
 		ext.data.u.key_trust = kt;
 		rc = hdb_replace_extension(context, h, &ext);
-		free_HDB_Ext_KeyTrust(&kt);
-		if (rc != 0) {
-			goto error;
-		}
+	}
+	free_HDB_Ext_KeyTrust(&kt);
+	if (rc != 0) {
+		goto error;
 	}
 
 	h->context = ske;