From 5a761c7f96c33aed3d0d8ecead314f2cba7bb784 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Fri, 7 Apr 2006 21:57:31 +0000
Subject: [PATCH] (krb5_kt_ret_principal): plug a memory leak Coverity NetBSD CID#1890
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17013 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/keytab_file.c | 36 ++++++++++++++++++++++++------------
 1 file changed, 24 insertions(+), 12 deletions(-)
diff --git a/lib/krb5/keytab_file.c b/lib/krb5/keytab_file.c
index cc08f6982..673cfcdf6 100644
--- a/lib/krb5/keytab_file.c
+++ b/lib/krb5/keytab_file.c
@@ -164,7 +164,7 @@ krb5_kt_ret_principal(krb5_context context,
 int i;
 int ret;
 krb5_principal p;
- int16_t tmp;
+ int16_t len;
 ALLOC(p, 1);
 if(p == NULL) {
@@ -172,25 +172,34 @@ krb5_kt_ret_principal(krb5_context context,
 return ENOMEM;
 }
- ret = krb5_ret_int16(sp, &tmp);
- if(ret)
- return ret;
+ ret = krb5_ret_int16(sp, &len);
+ if(ret) {
+ krb5_set_error_string(context,
+ "Failed decoding length of keytab principal");
+ goto out;
+ }
 if(krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS))
- tmp--;
- p->name.name_string.len = tmp;
+ len--;
+ if (len < 0) {
+ krb5_set_error_string(context,
+ "Keytab principal contains invalid length");
+ ret = KRB5_KT_END;
+ goto out;
+ }
 ret = krb5_kt_ret_string(context, sp, &p->realm);
 if(ret)
- return ret;
- p->name.name_string.val = calloc(p->name.name_string.len,
- sizeof(*p->name.name_string.val));
+ goto out;
+ p->name.name_string.val = calloc(len, sizeof(*p->name.name_string.val));
 if(p->name.name_string.val == NULL) {
 krb5_set_error_string (context, "malloc: out of memory");
- return ENOMEM;
+ ret = ENOMEM;
+ goto out;
 }
+ p->name.name_string.len = len;
 for(i = 0; i < p->name.name_string.len; i++){
 ret = krb5_kt_ret_string(context, sp, p->name.name_string.val + i);
 if(ret)
- return ret;
+ goto out;
 }
 if (krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE))
 p->name.name_type = KRB5_NT_UNKNOWN;
@@ -199,10 +208,13 @@ krb5_kt_ret_principal(krb5_context context,
 ret = krb5_ret_int32(sp, &tmp32);
 p->name.name_type = tmp32;
 if (ret)
- return ret;
+ goto out;
 }
 *princ = p;
 return 0;
+out:
+ krb5_free_principal(context, p);
+ return ret;
 }
 static krb5_error_code
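Review bot: In the hunk at -172,25 the `len < 0` test runs only after `len--`, so a stored length of INT16_MIN read with KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS set is decremented out of int16_t range first; the conversion back is implementation-defined and on common compilers gives 32767, which passes the check. The length comes straight from the keytab file, so validate it before adjusting it, e.g. `if (len < 0 || (len == 0 && krb5_storage_is_flags(sp, KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS)))` directly after `krb5_ret_int16` succeeds. Separately, `calloc(len, ...)` with `len == 0` may return NULL on some platforms and would then be reported as ENOMEM; `if(p->name.name_string.val == NULL && len != 0)` avoids that. The function begins before this hunk and continues past it.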
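Review bot: In the hunk at -199,10, `p->name.name_type = tmp32;` still runs before `ret` is tested, so when `krb5_ret_int32` fails the copied value may be indeterminate (tmp32 is declared outside the hunk, so whether it is initialised cannot be seen here); test first with `if (ret) goto out;` and assign afterwards. The new `out:` path also hands a partially built principal to `krb5_free_principal`, which is only safe if `ALLOC` zero-fills `p` and the free routine tolerates a NULL realm and NULL component strings. Neither is visible in this diff, so once confirmed a comment at the label such as `/* p is zero-filled by ALLOC; unset fields are NULL and safe to free */` would record the assumption. The function starts above this hunk.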