From 6e51f9cc3152c8e419fe7f459bcf521d60358434 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 15 Jul 2013 11:14:24 -0400
Subject: [PATCH] Fix minor leaks in klist

When walking the cache, if we skip a cred because it's a config entry,
make sure to free it.  Also free the result of krb5_cc_get_principal.
Based on a patch from Nalin Dahyabhai.
---
 src/clients/klist/klist.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/clients/klist/klist.c b/src/clients/klist/klist.c
index 6c040673c1..745a460854 100644
--- a/src/clients/klist/klist.c
+++ b/src/clients/klist/klist.c
@@ -520,9 +520,9 @@ do_ccache(krb5_ccache cache)
         return 1;
     }
     while (!(code = krb5_cc_next_cred(kcontext, cache, &cur, &creds))) {
-        if (!show_config && krb5_is_config_principal(kcontext, creds.server))
-            continue;
-        if (status_only) {
+        if (!show_config && krb5_is_config_principal(kcontext, creds.server)) {
+            /* Do nothing with this entry. */
+        } else if (status_only) {
             if (exit_status && creds.server->length == 2 &&
                 data_eq(creds.server->realm, princ->realm) &&
                 data_eq_string(creds.server->data[0], "krbtgt") &&
@@ -556,6 +556,7 @@ do_ccache(krb5_ccache cache)
             com_err(progname, code, _("while retrieving a ticket"));
         return 1;
     }
+    krb5_free_principal(kcontext, princ);
 }
 
 char *
-- 
2.47.2