From cdaf240f8cbd206e2102c990ea22f186002d7441 Mon Sep 17 00:00:00 2001
From: Steve Syfuhs <stsyfuhs@microsoft.com>
Date: Mon, 24 Jul 2023 11:26:44 -0700
Subject: [PATCH] Don't leak that

---
 Kerberos.NET/Win32/LsaInterop.cs | 40 +++++++++++++++++---------------
 1 file changed, 21 insertions(+), 19 deletions(-)

diff --git a/Kerberos.NET/Win32/LsaInterop.cs b/Kerberos.NET/Win32/LsaInterop.cs
index 579b3071..836da2a6 100644
--- a/Kerberos.NET/Win32/LsaInterop.cs
+++ b/Kerberos.NET/Win32/LsaInterop.cs
@@ -288,23 +288,24 @@ public unsafe IEnumerable<KerberosClientCacheEntry> GetTicketCache(long luid = 0
                 pRequest->MessageType = KERB_PROTOCOL_MESSAGE_TYPE.KerbQueryTicketCacheEx3Message;
                 pRequest->LogonId = luid;
 
-                var response = this.LsaCallAuthenticationPackageWithReturn(pRequest, bufferSize);
-
-                return WithFixedBuffer(response, p =>
+                using (var response = this.LsaCallAuthenticationPackageWithReturn(pRequest, bufferSize))
                 {
-                    var pCacheResponse = (KERB_QUERY_TKT_CACHE_EX3_RESPONSE*)p;
+                    return WithFixedBuffer(response, p =>
+                    {
+                        var pCacheResponse = (KERB_QUERY_TKT_CACHE_EX3_RESPONSE*)p;
 
-                    var cacheResult = new List<KerberosClientCacheEntry>();
+                        var cacheResult = new List<KerberosClientCacheEntry>();
 
-                    for (var i = 0; i < pCacheResponse->CountOfTickets; i++)
-                    {
-                        var ticket = (&pCacheResponse->Tickets)[i];
+                        for (var i = 0; i < pCacheResponse->CountOfTickets; i++)
+                        {
+                            var ticket = (&pCacheResponse->Tickets)[i];
 
-                        cacheResult.Add(ticket.ToCacheEntry());
-                    }
+                            cacheResult.Add(ticket.ToCacheEntry());
+                        }
 
-                    return cacheResult;
-                });
+                        return cacheResult;
+                    });
+                }
             });
         }
 
@@ -366,16 +367,17 @@ public unsafe KrbCred GetTicket(string spn, long luid = 0)
 
                 SetString(spn, pRequest, ref pRequest->TargetName, ref requestSize);
 
-                var response = this.LsaCallAuthenticationPackageWithReturn(pRequest, bufferSize);
-
-                return WithFixedBuffer(response, p =>
+                using (var response = this.LsaCallAuthenticationPackageWithReturn(pRequest, bufferSize))
                 {
-                    var pResponse = (KERB_RETRIEVE_TKT_RESPONSE*)p;
+                    return WithFixedBuffer(response, p =>
+                    {
+                        var pResponse = (KERB_RETRIEVE_TKT_RESPONSE*)p;
 
-                    var cred = new Span<byte>(pResponse->Ticket.EncodedTicket, pResponse->Ticket.EncodedTicketSize);
+                        var cred = new Span<byte>(pResponse->Ticket.EncodedTicket, pResponse->Ticket.EncodedTicketSize);
 
-                    return KrbCred.DecodeApplication(cred.ToArray());
-                });
+                        return KrbCred.DecodeApplication(cred.ToArray());
+                    });
+                }
             });
         }