From: Greg Hudson <ghudson@mit.edu>
Date: Sun, 26 Jul 2015 17:21:47 +0000 (-0400)
Subject: Fix uncommon leak in krb5_init_creds_step()
X-Git-Tag: krb5-1.14-alpha1~49
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=997eb174f5fd81747ad0ecb671f00c25951931b1;p=thirdparty%2Fkrb5.git

Fix uncommon leak in krb5_init_creds_step()

Release any previous value of ctx->err_padata before setting it in
init_creds_step_reply().  It could have a prior value after a realm
referral or retriable error.

ticket: 8223
target_version: 1.13.3
tags: pullup
---

diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index fa8afcc38d..4343a4b803 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -1428,6 +1428,8 @@ init_creds_step_reply(krb5_context context,
         ctx->request->client->type == KRB5_NT_ENTERPRISE_PRINCIPAL;
 
     if (ctx->err_reply != NULL) {
+        krb5_free_pa_data(context, ctx->err_padata);
+        ctx->err_padata = NULL;
         code = krb5int_fast_process_error(context, ctx->fast_state,
                                           &ctx->err_reply, &ctx->err_padata,
                                           &retry);