From 5a561981619fe21fb5543926a70a10e461355f6e Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Thu, 5 Aug 2021 16:05:45 +1000
Subject: [PATCH] hdb: fix leaks in alias handling

fetch_entry_or_alias() in libhdb failed to free the alias DB value or
principal, causing a leak
---
 lib/hdb/common.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/hdb/common.c b/lib/hdb/common.c
index d211fa2b9..798236a98 100644
--- a/lib/hdb/common.c
+++ b/lib/hdb/common.c
@@ -184,11 +184,14 @@ fetch_entry_or_alias(krb5_context context,
     } else if (ret == 0 && eoa.element == choice_HDB_EntryOrAlias_alias) {
         krb5_data_free(&key);
 	ret = hdb_principal2key(context, eoa.u.alias.principal, &key);
-        if (ret == 0)
+        if (ret == 0) {
+	    krb5_data_free(&value);
             ret = db->hdb__get(context, db, key, &value);
+	}
         if (ret == 0)
             /* No alias chaining */
             ret = hdb_value2entry(context, &value, &entry->entry);
+	krb5_free_principal(context, eoa.u.alias.principal);
     } else if (ret == 0)
         ret = ENOTSUP;
     if (ret == 0 && enterprise_principal) {