gss/krb5: gsskrb5_acceptor_start authenticator leak (take two)

Change-Id: I11be62ab806ea89258fe60e29e6d6488908070fa
2016-11-19 23:59:30 -05:00
parent 2be6646adc
commit d9f7718a42
1 changed files with 4 additions and 5 deletions
--- a/lib/gssapi/krb5/accept_sec_context.c
+++ b/lib/gssapi/krb5/accept_sec_context.c
@@ -537,8 +537,8 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
 						&ctx->flags,
 						&ctx->fwd_data);

-	    krb5_free_authenticator(context, &authenticator);
 	    if (ret) {
+		krb5_free_authenticator(context, &authenticator);
 		return ret;
 	    }
        } else {
@@ -548,9 +548,8 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
 		kret = krb5_crypto_init(context,
 					ctx->auth_context->keyblock,
 					0, &crypto);
-		if(kret) {
+		if (kret) {
 		    krb5_free_authenticator(context, &authenticator);
-
 		    ret = GSS_S_FAILURE;
 		    *minor_status = kret;
 		    return ret;
@@ -564,10 +563,10 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
 		kret = krb5_verify_checksum(context,
 					    crypto, KRB5_KU_AP_REQ_AUTH_CKSUM, NULL, 0,
 					    authenticator->cksum);
-		krb5_free_authenticator(context, &authenticator);
 		krb5_crypto_destroy(context, crypto);

-		if(kret) {
+		if (kret) {
+		    krb5_free_authenticator(context, &authenticator);
 		    ret = GSS_S_BAD_SIG;
 		    *minor_status = kret;
 		    return ret;