From 7d103f865714cae0f646112db4d9b920000a6e0d Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 25 Feb 2022 03:00:18 +0100
Subject: [PATCH] hdb: Fix crashes with WRONG_REALM

With HDB_ERR_WRONG_REALM the backend needs to expose the
principal, so we should not free the entry otherwise
the main kdc code will crash.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 lib/hdb/common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/hdb/common.c b/lib/hdb/common.c
index a30dfec21..a92cc1372 100644
--- a/lib/hdb/common.c
+++ b/lib/hdb/common.c
@@ -1575,7 +1575,7 @@ fetch_it(krb5_context context,
     }
 
 out:
-    if (ret)
+    if (ret != 0 && ret != HDB_ERR_WRONG_REALM)
         hdb_free_entry(context, db, ent);
     krb5_free_principal(context, nsprinc);
     free(host);