Fix memory leak in gss_acquire_cred_from() 1504/head
authorGreg Hudson <ghudson@mit.edu>
Fri, 3 Apr 2026 23:44:41 +0000 (19:44 -0400)
committerGreg Hudson <ghudson@mit.edu>
Fri, 10 Apr 2026 23:37:05 +0000 (19:37 -0400)
If gss_acquire_cred_from() is used with the krb5 mech and the verify
option (added in commit adbf73c507f383380c55d2ba9fa1ad6f30545bec), and
verification fails, make sure to free the credential we obtained
before returning.  Reported by Evgeny Shemyakin.

ticket: 9204

src/lib/gssapi/krb5/acquire_cred.c

index 0e12c2233bb7d1b3b22a57b77c9ac7581f6cc105..d35672fbbfe2a57d89688aa4acce5cc7f0925d68 100644 (file)
@@ -613,7 +613,7 @@ get_initial_cred(krb5_context context, const struct verify_params *verify,
 {
     krb5_error_code code;
     krb5_get_init_creds_opt *opt = NULL;
-    krb5_creds creds;
+    krb5_creds creds = { 0 };
 
     code = krb5_get_init_creds_opt_alloc(context, &opt);
     if (code)
@@ -648,8 +648,8 @@ get_initial_cred(krb5_context context, const struct verify_params *verify,
     cred->name->princ = creds.client;
     creds.client = NULL;
 
-    krb5_free_cred_contents(context, &creds);
 cleanup:
+    krb5_free_cred_contents(context, &creds);
     krb5_get_init_creds_opt_free(context, opt);
     return code;
 }
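Review bot: The unconditional `krb5_free_cred_contents(context, &creds);` under `cleanup:` is safe only because of two uncommented details that a later edit could easily break: the `= { 0 }` initializer in the first hunk, and `creds.client = NULL;` right after the principal is handed to `cred->name->princ`. I would add a comment above the free such as `/* creds is zero-initialized and creds.client is cleared once stolen, so this is safe on every path. */`. It also assumes that the calls which fill `creds` leave it either untouched or fully valid when they fail; those calls are outside the hunk, so that is worth confirming. Without the NULL assignment, this free would release the principal that `cred->name` still points to.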