From 3138c1836c770621347ef0f9a16e5ffb87d464b3 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Wed, 22 May 2019 14:04:22 +1000 Subject: [PATCH] kuser: plug leak in kinit anonymous PKINIT renew Do not leak the result of krb5_cc_get_config() when determining anonymous PKINIT start realm. --- kuser/kinit.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/kuser/kinit.c b/kuser/kinit.c index 5a7d62f41..2f33fc84c 100644 --- a/kuser/kinit.c +++ b/kuser/kinit.c @@ -289,15 +289,19 @@ get_anon_pkinit_tgs_name(krb5_context context, char *realm; ret = krb5_cc_get_config(context, ccache, NULL, "anon-pkinit-realm", &data); - if (ret == 0) { - realm = malloc(data.length + 1); - memcpy(realm, data.data, data.length); - realm[data.length] = '\0'; - } else + if (ret == 0) + realm = strndup(data.data, data.length); + else realm = get_default_realm(context); + krb5_data_free(&data); + + if (realm == NULL) + return krb5_enomem(context); + ret = krb5_make_principal(context, tgs_name, realm, KRB5_TGS_NAME, realm, NULL); + free(realm); return ret;
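Review bot: The new `krb5_data_free(&data);` runs on both branches, including the one where `krb5_cc_get_config()` returned an error, and nothing in the hunk shows that `data` holds a defined value in that case. The declaration of `data` and the start of `get_anon_pkinit_tgs_name` are outside the hunk, so this may already be covered. If it is not, freeing an unset `krb5_data` on the error path would be a memory-safety bug in the code that was meant to fix a leak. Adding `krb5_data_zero(&data);` before the call, or moving the free into the `ret == 0` branch, makes the cleanup safe without relying on the callee. Separately, `strndup(data.data, data.length)` stops at the first NUL byte where the removed `memcpy` copied all `data.length` bytes, so a one-line comment that the cached realm is treated as a C string would record that this is intended.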