From: Luke Howard <lukeh@padl.com>
Date: Wed, 16 Sep 2009 17:59:41 +0000 (+0000)
Subject: 2. s4u_creds.c:krb5_get_self_cred_from_kdc leaks in_padata if the
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=799540ff437e40ae388cd7d9e32b0830e5739ed9;p=thirdparty%2Fkrb5.git

2. s4u_creds.c:krb5_get_self_cred_from_kdc leaks in_padata if the
error path is taken at line 584.  (Our coding practices discourage
freeing the same resource in multiple code paths, and also forbid
declaring variables in inner scopes.)

git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/authdata@22772 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/krb5/krb/s4u_creds.c b/src/lib/krb5/krb/s4u_creds.c
index 613bbef1f7..1f294c427c 100644
--- a/src/lib/krb5/krb/s4u_creds.c
+++ b/src/lib/krb5/krb/s4u_creds.c
@@ -580,8 +580,10 @@ krb5_get_self_cred_from_kdc(krb5_context context,
         code = krb5int_copy_data_contents(context,
                                           &tgtptr->server->data[1],
                                           &s4u_creds.server->realm);
-        if (code != 0)
+        if (code != 0) {
+            krb5_free_pa_data(context, in_padata);
             goto cleanup;
+        }
 
         code = krb5_get_cred_via_tkt_ext(context, tgtptr,
                                          KDC_OPT_CANONICALIZE |