gensec_krb5: Do not leak memory of target_principal

CID 1372504

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep  9 04:20:04 CEST 2016 on sn-devel-144

diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 404ffaf14554ac99fe37da4d605fd3f5e622714b..1dcbb9160c97e778327eb34fc1e94ba5a7881cb7 100644 (file)
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -339,12 +339,16 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
                                                    ccache_container->ccache,
                                                    &this_cred.client);
                        if (ret != 0) {
+                               krb5_free_principal(gensec_krb5_state->smb_krb5_context->krb5_context,
+                                                   target_principal);
                                return NT_STATUS_UNSUCCESSFUL;
                        }
 
                        ret = krb5_copy_principal(gensec_krb5_state->smb_krb5_context->krb5_context,
                                                  target_principal,
                                                  &this_cred.server);
+                       krb5_free_principal(gensec_krb5_state->smb_krb5_context->krb5_context,
+                                           target_principal);
                        if (ret != 0) {
                                krb5_free_cred_contents(gensec_krb5_state->smb_krb5_context->krb5_context,
                                                        &this_cred);
@@ -369,9 +373,6 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
                                                   in_data_p,
                                                   cred,
                                                   &gensec_krb5_state->enc_ticket);
-
-                       krb5_free_principal(gensec_krb5_state->smb_krb5_context->krb5_context, 
-                                           target_principal);
                }
        } else {
                ret = krb5_mk_req(gensec_krb5_state->smb_krb5_context->krb5_context,