From 3ff12a7fcd8ac4637a5bf3d24a3e742ab1099e2e Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Sat, 31 Dec 2022 00:52:34 -0600
Subject: [PATCH] kdc: Fix ENOMEM double-free in IPC CSR authorizer

---
 kdc/ipc_csr_authorizer.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/kdc/ipc_csr_authorizer.c b/kdc/ipc_csr_authorizer.c
index 87d6deb26..86717f6f9 100644
--- a/kdc/ipc_csr_authorizer.c
+++ b/kdc/ipc_csr_authorizer.c
@@ -611,9 +611,10 @@ authorize(void *ctx,
     hx509_request_authorize_ku(csr, ku);
 
     if (do_check) {
-        if ((s = rk_strpoolcollect(cmd)) == NULL)
-            goto enomem;
+        s = rk_strpoolcollect(cmd);
         cmd = NULL;
+        if (s == NULL)
+            goto enomem;
         if ((ret = call_svc(context, ipc, csr, s, piecemeal_check_ok)))
             goto out;
     } /* else there was nothing to check -> permit */