From bfcc7a90ed1a7fcbe214d6bf29f7f98a0374be8f Mon Sep 17 00:00:00 2001
From: Daria Phoebe Brashear <dariaphoebe@auristor.com>
Date: Fri, 10 Jan 2020 12:51:20 -0500
Subject: [PATCH] kdc kx509: avoid double free of cprinc and s in check_authz

on error from der_parse_heim_old we early exit via out, which frees
s and cprinc; we should not do so a second time unless we explicitly
NULL the pointers but there is no value in doing so.
---
 kdc/kx509.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/kdc/kx509.c b/kdc/kx509.c
index f3afe9f65..79d62aef8 100644
--- a/kdc/kx509.c
+++ b/kdc/kx509.c
@@ -757,8 +757,6 @@ check_authz(krb5_context context,
             break;
 
         if ((ret = der_parse_heim_oid(s, ".", &oid))) {
-            free(cprinc);
-            free(s);
             goto out;
         }
         for (k = 0; k < sizeof(eku_whitelist)/sizeof(eku_whitelist[0]); k++) {