kadmin: kadmind_dispatch do not write NULL 'rsp' to 'out'

1b213c1082 ("kadmind: Add missing
error checks") altered the behavior of kadmin_dispatch() such that
it unconditionally called

      krb5_storage_to_data(rsp, out);

This change was unsafe because krb5_unparse_name_fixed() failure
would skip the allocation of the 'rsp' and 'sp' krb5_storage
objects.

This change allocates the krb5_storage objects prior to performing
any work.  If either of them fail, kadmin_dispatch() immediately
returns ENOMEM.

Change-Id: I14fd96afe029a4e74bb769605286ca0e17d25043

kadmin/server.c

@@ -59,22 +59,25 @@ kadmind_dispatch(void *kadm_handlep, krb5_boolean initial,
     char **princs;
     int n_princs;
     int keys_ok = 0;
-    krb5_storage *rsp = NULL; /* response goes here */
+    krb5_storage *rsp; /* response goes here */
-    krb5_storage *sp = NULL;
+    krb5_storage *sp;
     int len;
 
     memset(&ent, 0, sizeof(ent));
     memset(&ent_prev, 0, sizeof(ent_prev));
     krb5_data_zero(out);
 
-    ret = krb5_unparse_name_fixed(contextp->context, contextp->caller,
+    rsp = krb5_storage_emem();
-                                  client, sizeof(client));
+    if (rsp == NULL)
-    if (ret == 0) {
+	return krb5_enomem(contextp->context);
-        rsp = krb5_storage_emem();
+
-        sp = krb5_storage_from_data(in);
+    sp = krb5_storage_from_data(in);
-        if (rsp == NULL || sp == NULL)
+    if (sp == NULL) {
-            ret = krb5_enomem(contextp->context);
+	krb5_storage_free(rsp);
+	return krb5_enomem(contextp->context);
     }
+
+    ret = krb5_unparse_name_fixed(contextp->context, contextp->caller,
     if (ret == 0)
         ret = krb5_ret_int32(sp, &cmd);
     if (ret)