kdc kx509: avoid double free of cprinc and s in check_authz

on error from der_parse_heim_old we early exit via out, which frees
s and cprinc; we should not do so a second time unless we explicitly
NULL the pointers but there is no value in doing so.

kdc/kx509.c

@@ -757,8 +757,6 @@ check_authz(krb5_context context,
             break;
 
         if ((ret = der_parse_heim_oid(s, ".", &oid))) {
-            free(cprinc);
-            free(s);
             goto out;
         }
         for (k = 0; k < sizeof(eku_whitelist)/sizeof(eku_whitelist[0]); k++) {