From: Greg Hudson <ghudson@mit.edu>
Date: Thu, 25 Feb 2016 16:19:17 +0000 (-0500)
Subject: Fix memory leak on error in KDC decrypt_2ndtkt()
X-Git-Tag: kfw-4.1-beta3-mit~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=94ea7ae4039c553b3d7df5da384240d612782ba1;p=thirdparty%2Fkrb5.git

Fix memory leak on error in KDC decrypt_2ndtkt()

Make sure to release the server principal entry in the cleanup handler
if it is not assigned to the output parameter.  Reported by Will
Fiveash.

(cherry picked from commit a1faaa4d6a404e3103f45e639b8890c3b141dfe1)

ticket: 8362
version_fixed: 1.13.5
status: resolved
tags: -pullup
---

diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index fce478ed75..48e822b103 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -952,7 +952,7 @@ decrypt_2ndtkt(kdc_realm_t *kdc_active_realm, krb5_kdc_req *req,
                const char **status)
 {
     krb5_error_code retval;
-    krb5_db_entry *server;
+    krb5_db_entry *server = NULL;
     krb5_keyblock *key;
     krb5_kvno kvno;
     krb5_ticket *stkt;
@@ -979,7 +979,9 @@ decrypt_2ndtkt(kdc_realm_t *kdc_active_realm, krb5_kdc_req *req,
         goto cleanup;
     }
     *server_out = server;
+    server = NULL;
 cleanup:
+    krb5_db_free_principal(kdc_context, server);
     return retval;
 }