From 90856e35cc3b26165756df8805e5a4d82a976f48 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Mon, 2 Jan 2023 21:08:45 -0600
Subject: [PATCH] test_csr_authorizer: Fix use-after-free

---
 kdc/test_csr_authorizer.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/kdc/test_csr_authorizer.c b/kdc/test_csr_authorizer.c
index da8de0f52..dbf4c4212 100644
--- a/kdc/test_csr_authorizer.c
+++ b/kdc/test_csr_authorizer.c
@@ -174,11 +174,11 @@ authorize(const char *subject, const char *thing)
         return ENOMEM;
 
     ret = stat_authz(s, thing);
-    free(s);
     if (ret == ENOENT)
         ret = stat_authz(s, "all");
     if (ret == ENOENT)
         ret = EACCES;
+    free(s);
     return ret;
 }
 
@@ -222,7 +222,7 @@ service(void *ctx,
     }
 
     s = cmd + sizeof("check ") - 1;
-    subject = tok = strtok_r(s, " ", &next);
+    subject = strtok_r(s, " ", &next);
     s = NULL;
 
     while ((tok = strtok_r(s, " ", &next))) {