From e0929d16b76052f8862b6367d5b561040d799153 Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Fri, 17 Dec 2021 13:41:55 +1100
Subject: [PATCH] kdc: don't leak msg in pa_enc_chal_validate()

Move initialization of msg in pa_enc_chal_validate() to avoid leak on invalid
password.
---
 kdc/kerberos5.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c
index ea9735554..7de2ca3a2 100644
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -681,7 +681,7 @@ pa_enc_chal_validate(astgs_request_t r,
 					      r->cname);
 	krb5_crypto_destroy(r->context, challengecrypto);
 	if (ret) {
-	    const char *msg = krb5_get_error_message(r->context, ret);
+	    const char *msg;
 	    krb5_error_code ret2;
 	    char *str = NULL;
 
@@ -695,6 +695,7 @@ pa_enc_chal_validate(astgs_request_t r,
 	    ret2 = krb5_enctype_to_string(r->context, k->key.keytype, &str);
 	    if (ret2)
 		str = NULL;
+	    msg = krb5_get_error_message(r->context, ret);
 	    _kdc_r_log(r, 2, "Failed to decrypt ENC-CHAL -- %s "
 		       "(enctype %s) error %s",
 		       r->cname, str ? str : "unknown enctype", msg);