From 989a7c33797c8626df58725ce5c6701ee6560015 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Sat, 19 Nov 2016 08:23:06 -0500
Subject: [PATCH] kadm5: kadm5_add_passwd_quality_verifier memory leak

if krb5_get_config_strings() returns the empty string do not return
immediately.  Instead the for() loop will be skipped because the empty
string represents the end of the string list permitting
krb5_config_free_strings() to free the allocated memory.

Change-Id: Ia6fdb13f716c07b53c8b3857af4f7ab8be578882
---
 lib/kadm5/password_quality.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/kadm5/password_quality.c b/lib/kadm5/password_quality.c
index 723ff7a3a6..8b17a481f0 100644
--- a/lib/kadm5/password_quality.c
+++ b/lib/kadm5/password_quality.c
@@ -378,7 +378,7 @@ kadm5_add_passwd_quality_verifier(krb5_context context,
 #ifdef HAVE_DLOPEN
 
     if(check_library == NULL) {
-	krb5_error_code ret;
+	krb5_error_code ret = 0;
         char **strs;
 	char **tmp;
 
@@ -386,7 +386,7 @@ kadm5_add_passwd_quality_verifier(krb5_context context,
 				       "password_quality",
 				       "policy_libraries",
 				       NULL);
-	if(strs == NULL || *strs == NULL)
+	if (strs == NULL)
 	    return 0;
 
 	for (tmp = strs; *tmp; tmp++) {