From cefc250efd71515dd665b606bcb993e617068758 Mon Sep 17 00:00:00 2001
From: sashan <anedvedicky@gmail.com>
Date: Tue, 20 Feb 2018 23:03:36 +0100
Subject: [PATCH] Fix memory leak in KDC PKINIT code

Commit e5c77a11341a79e6af1e5aef7c587a5b75a9e378 introduced a memory
leak of the client public key in server_process_dh().  Free
client_pubkey on success as well as failure.

ticket: 8644 (new)
target_version: 1.16-next
target_version: 1.15-next
tags: pullup
---
 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index ac107c2c1b..0c8dd7e36b 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -2979,6 +2979,7 @@ server_process_dh(krb5_context context,
 
     retval = 0;
 
+    BN_free(client_pubkey);
     if (dh_server != NULL)
         DH_free(dh_server);
     return retval;
-- 
2.47.2