Fix memory leak in krb5_verify_init_creds

When copying most of the credentials from one cache to another in
copy_creds_except (called from get_vfy_cred, from
krb5_verify_init_creds), we need to free all of the credentials that
we read, not just the ones we copied.

[ghudson@mit.edu: edited commit message]

ticket: 7875 (new)
target_version: 1.12.2
tags: pullup

diff --git a/src/lib/krb5/krb/vfy_increds.c b/src/lib/krb5/krb/vfy_increds.c
index e88a37f80a9275c9b5992cf46791e4e207d5664c..48339923529be6d46947071943d8eac599162a5b 100644 (file)
--- a/src/lib/krb5/krb/vfy_increds.c
+++ b/src/lib/krb5/krb/vfy_increds.c
@@ -69,9 +69,9 @@ copy_creds_except(krb5_context context, krb5_ccache incc,
 
     while (!(ret = krb5_cc_next_cred(context, incc, &cur, &creds))) {
         if (krb5_principal_compare(context, princ, creds.server))
-            continue;
-
-        ret = krb5_cc_store_cred(context, outcc, &creds);
+            ret = 0;
+        else
+            ret = krb5_cc_store_cred(context, outcc, &creds);
         krb5_free_cred_contents(context, &creds);
         if (ret)
             goto cleanup;