From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Thu, 5 Oct 2023 22:03:52 +0000 (+1300)
Subject: s4:auth: Fix resource leak (CID 1107222)
X-Git-Tag: tevent-0.16.0~56
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=79a9a07c799beb31034e302f09b9463768995e46;p=thirdparty%2Fsamba.git

s4:auth: Fix resource leak (CID 1107222)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
index 2dfd45dc3fe..dce71552e9a 100644
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -333,6 +333,7 @@ done:
 		ret = smb_krb5_context_set_event_ctx(smb_krb5_context, event_ctx, &previous_ev);
 		if (ret) {
 			talloc_free(mem_ctx);
+			krb5_get_init_creds_opt_free(smb_krb5_context->krb5_context, krb_options);
 			return ret;
 		}
 #endif
@@ -361,6 +362,7 @@ done:
 		} else if (impersonate_principal) {
 			talloc_free(mem_ctx);
 			(*error_string) = "INTERNAL error: Cannot impersonate principal with just a keyblock.  A password must be specified in the credentials";
+			krb5_get_init_creds_opt_free(smb_krb5_context->krb5_context, krb_options);
 			return EINVAL;
 		} else {
 			/* No password available, try to use a keyblock instead */