From: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Tue, 11 Mar 2014 17:33:23 +0000 (-0400)
Subject: Don't leak the per-request preauth context
X-Git-Tag: krb5-1.13-alpha1~184
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a47c4e68308331a630480cb62c2b7711432e0123;p=thirdparty%2Fkrb5.git

Don't leak the per-request preauth context

Currently, per-request preauth module data is only cleared when we
successfully obtain initial credentials.  Make sure to clear it at the
end of the operation even if we failed to get creds.

[ghudson@mit.edu: expanded commit message]

ticket: 7793
target_version: 1.12.2
tags: pullup
---

diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index ebd28440d6..ebcb36213f 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -488,6 +488,7 @@ krb5_init_creds_free(krb5_context context,
     k5_response_items_free(ctx->rctx.items);
     free(ctx->in_tkt_service);
     zapfree(ctx->gakpw.storage.data, ctx->gakpw.storage.length);
+    k5_preauth_request_context_fini(context);
     krb5_free_error(context, ctx->err_reply);
     krb5_free_pa_data(context, ctx->err_padata);
     krb5_free_cred_contents(context, &ctx->cred);