Free verto context later in KDC cleanup

The KDC supplies the verto context to kdcpreauth modules via the loop
method (added in commit 83b4ecd20e50ad330cd761977d5dadefe30a785b).
This context should remain valid until kdcpreauth modules are
unloaded, as modules might refer to it during cleanup.  In particular,
the OTP module references the verto context when freeing the RADIUS
client object (commit e89abc2d4ea1fea1ec28d470f297514b828e4842), which
can cause a memory error during KDC shutdown without this change.

ticket: 9064 (new)
tags: pullup
target_version: 1.20-next
target_version: 1.19-next

diff --git a/src/kdc/main.c b/src/kdc/main.c
index be6e361b86d834fc9635e213f3623497e5777153..bfdfef5c48936fa698a6d69fcc202066e37f46af 100644 (file)
--- a/src/kdc/main.c
+++ b/src/kdc/main.c
@@ -1037,7 +1037,6 @@ int main(int argc, char **argv)
     kau_kdc_start(kcontext, TRUE);
 
     verto_run(ctx);
-    loop_free(ctx);
     kau_kdc_stop(kcontext, TRUE);
     krb5_klog_syslog(LOG_INFO, _("shutting down"));
     unload_preauth_plugins(kcontext);
@@ -1051,6 +1050,7 @@ int main(int argc, char **argv)
 #ifndef NOCACHE
     kdc_free_lookaside(kcontext);
 #endif
+    loop_free(ctx);
     krb5_free_context(kcontext);
     return errout;
 }