From 79a9a07c799beb31034e302f09b9463768995e46 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Fri, 6 Oct 2023 11:03:52 +1300
Subject: [PATCH] s4:auth: Fix resource leak (CID 1107222)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---
 source4/auth/kerberos/kerberos_util.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c
index 2dfd45dc3fe..dce71552e9a 100644
--- a/source4/auth/kerberos/kerberos_util.c
+++ b/source4/auth/kerberos/kerberos_util.c
@@ -333,6 +333,7 @@ done:
 		ret = smb_krb5_context_set_event_ctx(smb_krb5_context, event_ctx, &previous_ev);
 		if (ret) {
 			talloc_free(mem_ctx);
+			krb5_get_init_creds_opt_free(smb_krb5_context->krb5_context, krb_options);
 			return ret;
 		}
 #endif
@@ -361,6 +362,7 @@ done:
 		} else if (impersonate_principal) {
 			talloc_free(mem_ctx);
 			(*error_string) = "INTERNAL error: Cannot impersonate principal with just a keyblock.  A password must be specified in the credentials";
+			krb5_get_init_creds_opt_free(smb_krb5_context->krb5_context, krb_options);
 			return EINVAL;
 		} else {
 			/* No password available, try to use a keyblock instead */
-- 
2.47.3