2. s4u_creds.c:krb5_get_self_cred_from_kdc leaks in_padata if the

error path is taken at line 584.  (Our coding practices discourage
freeing the same resource in multiple code paths, and also forbid
declaring variables in inner scopes.)

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/authdata@22772 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c
index 613bbef1f7d9cd669c13b6e1bee66e0f2a762c5f..1f294c427c12a4e670e52266fb50227beec06273 100644 (file)
--- a/src/lib/krb5/krb/s4u_creds.c
+++ b/src/lib/krb5/krb/s4u_creds.c
@@ -580,8 +580,10 @@ krb5_get_self_cred_from_kdc(krb5_context context,
         code = krb5int_copy_data_contents(context,
                                           &tgtptr->server->data[1],
                                           &s4u_creds.server->realm);
-        if (code != 0)
+        if (code != 0) {
+            krb5_free_pa_data(context, in_padata);
             goto cleanup;
+        }
 
         code = krb5_get_cred_via_tkt_ext(context, tgtptr,
                                          KDC_OPT_CANONICALIZE |