From 4a8b588dc081ff8931eb405076cd237ab4728ac0 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Tue, 6 Sep 2016 12:09:47 +0200
Subject: [PATCH] gensec_krb5: Do not leak memory of target_principal

CID 1372504

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep  9 04:20:04 CEST 2016 on sn-devel-144
---
 source4/auth/gensec/gensec_krb5.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 404ffaf14554..1dcbb9160c97 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -339,12 +339,16 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
 						    ccache_container->ccache,
 						    &this_cred.client);
 			if (ret != 0) {
+				krb5_free_principal(gensec_krb5_state->smb_krb5_context->krb5_context,
+						    target_principal);
 				return NT_STATUS_UNSUCCESSFUL;
 			}
 
 			ret = krb5_copy_principal(gensec_krb5_state->smb_krb5_context->krb5_context,
 						  target_principal,
 						  &this_cred.server);
+			krb5_free_principal(gensec_krb5_state->smb_krb5_context->krb5_context,
+					    target_principal);
 			if (ret != 0) {
 				krb5_free_cred_contents(gensec_krb5_state->smb_krb5_context->krb5_context,
 							&this_cred);
@@ -369,9 +373,6 @@ static NTSTATUS gensec_krb5_common_client_creds(struct gensec_security *gensec_s
 						   in_data_p,
 						   cred,
 						   &gensec_krb5_state->enc_ticket);
-
-			krb5_free_principal(gensec_krb5_state->smb_krb5_context->krb5_context, 
-					    target_principal);
 		}
 	} else {
 		ret = krb5_mk_req(gensec_krb5_state->smb_krb5_context->krb5_context, 
-- 
2.34.1