gss: free user keytab before resolving system keytab
author Luke Howard <lukeh@padl.com>
Thu, 16 Apr 2020 07:19:35 +0000 (07:19 +0000)
committer Luke Howard <lukeh@padl.com>
Thu, 16 Apr 2020 07:22:31 +0000 (17:22 +1000)
get_client_keytab() leaked the user keytab if it resolved but we could not find
the client principal. Free it before trying the system keytab.

lib/gssapi/krb5/acquire_cred.c

index 4ccad45dd202c201c70ffaa6c145474757ec1976..ba5d48fadab6b97e7803cc64014bef1117819616 100644 (file)
@@ -157,8 +157,14 @@ get_client_keytab(krb5_context context,
            krb5_kt_free_entry(context, &entry);
     }
 
-    if (ret)
+    if (ret) {
+       if (*keytab) {
+           krb5_kt_close(context, *keytab);
+           *keytab = NULL;
+       }
+
        ret = get_system_keytab(context, GSS_C_NO_CRED_STORE, keytab);
+    }
 
     return ret;
 }
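
Review bot: the new `if (*keytab)` test inside the `if (ret)` branch is only safe if `*keytab` is guaranteed to be NULL on every path where the user keytab was never resolved, and nothing in the visible lines establishes that. If `ret` can be set before `*keytab` is assigned (for example when resolving the user keytab itself fails) and the caller passed an uninitialised handle, `krb5_kt_close(context, *keytab)` would run on an indeterminate pointer. Please confirm that the function sets `*keytab = NULL` on entry, or add that assignment, so that this cleanup and the later `get_system_keytab(context, GSS_C_NO_CRED_STORE, keytab)` call always start from a known state. Resetting `*keytab = NULL` after the close is the right call, since it keeps the caller from seeing a dangling handle if `get_system_keytab()` also fails.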