diff --git a/kdc/kx509.c b/kdc/kx509.c index 81a3fd0de..f70b342c2 100644 --- a/kdc/kx509.c +++ b/kdc/kx509.c @@ -694,13 +694,12 @@ check_authz(krb5_context context, _kdc_audit_addkv((kdc_request_t)reqctx, 0, "san0_type", "%s", san_type_s); _kdc_audit_addkv((kdc_request_t)reqctx, 0, "san0", "%s", s); - free(s); } + frees(&s); ret = hx509_request_get_eku(reqctx->csr, 0, &s); - if (ret == 0) { + if (ret == 0) _kdc_audit_addkv((kdc_request_t)reqctx, 0, "eku0", "%s", s); - free(s); - } + free(s); return 0; } if (ret != KRB5_PLUGIN_NO_HANDLE) { diff --git a/kdc/simple_csr_authorizer.c b/kdc/simple_csr_authorizer.c index 4adfffc83..2300eb532 100644 --- a/kdc/simple_csr_authorizer.c +++ b/kdc/simple_csr_authorizer.c @@ -157,6 +157,13 @@ string_encode(const char *in) return s; } +static void +frees(char **s) +{ + free(*s); + *s = NULL; +} + static KRB5_LIB_CALL krb5_error_code authorize(void *ctx, krb5_context context, @@ -235,12 +242,12 @@ authorize(void *ctx, ret = stat(p, &st) == -1 ? errno : 0; free(san); free(p); - free(s); - s = NULL; + frees(&s); if (ret) goto skip; ret = hx509_request_authorize_san(csr, i); } + frees(&s); if (ret == HX509_NO_ITEM) ret = 0; if (ret) @@ -257,8 +264,7 @@ authorize(void *ctx, goto enomem; ret = stat(p, &st) == -1 ? errno : 0; free(p); - free(s); - s = NULL; + frees(&s); if (ret) goto skip; ret = hx509_request_authorize_eku(csr, i); diff --git a/lib/hx509/ca.c b/lib/hx509/ca.c index ca1376ce5..ac0fc56b3 100644 --- a/lib/hx509/ca.c +++ b/lib/hx509/ca.c @@ -2353,7 +2353,6 @@ count_sans(hx509_request req, size_t *n) for (i = 0; ret == 0; i++) { hx509_san_type san_type; - frees(&s); ret = hx509_request_get_san(req, i, &san_type, &s); if (ret) break; @@ -2370,6 +2369,7 @@ count_sans(hx509_request req, size_t *n) } frees(&s); } + free(s); return ret == HX509_NO_ITEM ? 0 : ret; }