Fix krb5_get_init_creds_password() pwchange leak

When krb5_get_init_creds_password() attempts to change the password,
make sure to free code_string along all exit paths.

(cherry picked from commit 3e5f7709e1928f1e814c427f2811d9204a167439)

ticket: 8440
version_fixed: 1.13.7

diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index e95673fe47378e73b9230626e4f41df42892e844..298f07515f0e1ba9da75ee66fdee3c17de7cb26a 100644 (file)
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -443,6 +443,7 @@ krb5_get_init_creds_password(krb5_context context,
             /* the change succeeded.  go on */
 
             if (result_code == 0) {
+                free(code_string.data);
                 free(result_string.data);
                 break;
             }
@@ -452,6 +453,7 @@ krb5_get_init_creds_password(krb5_context context,
             ret = KRB5_CHPW_FAIL;
 
             if (result_code != KRB5_KPASSWD_SOFTERROR) {
+                free(code_string.data);
                 free(result_string.data);
                 goto cleanup;
             }