From d9f7718a42d25ade77c26dab1a613d383db3b7db Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Sat, 19 Nov 2016 23:59:30 -0500
Subject: [PATCH] gss/krb5: gsskrb5_acceptor_start authenticator leak (take
 two)

Change-Id: I11be62ab806ea89258fe60e29e6d6488908070fa
---
 lib/gssapi/krb5/accept_sec_context.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/lib/gssapi/krb5/accept_sec_context.c b/lib/gssapi/krb5/accept_sec_context.c
index 60b5bb8f93..d4680e9e8f 100644
--- a/lib/gssapi/krb5/accept_sec_context.c
+++ b/lib/gssapi/krb5/accept_sec_context.c
@@ -537,8 +537,8 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
 						&ctx->flags,
 						&ctx->fwd_data);
 
-	    krb5_free_authenticator(context, &authenticator);
 	    if (ret) {
+		krb5_free_authenticator(context, &authenticator);
 		return ret;
 	    }
         } else {
@@ -548,9 +548,8 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
 		kret = krb5_crypto_init(context,
 					ctx->auth_context->keyblock,
 					0, &crypto);
-		if(kret) {
+		if (kret) {
 		    krb5_free_authenticator(context, &authenticator);
-
 		    ret = GSS_S_FAILURE;
 		    *minor_status = kret;
 		    return ret;
@@ -564,10 +563,10 @@ gsskrb5_acceptor_start(OM_uint32 * minor_status,
 		kret = krb5_verify_checksum(context,
 					    crypto, KRB5_KU_AP_REQ_AUTH_CKSUM, NULL, 0,
 					    authenticator->cksum);
-		krb5_free_authenticator(context, &authenticator);
 		krb5_crypto_destroy(context, crypto);
 
-		if(kret) {
+		if (kret) {
+		    krb5_free_authenticator(context, &authenticator);
 		    ret = GSS_S_BAD_SIG;
 		    *minor_status = kret;
 		    return ret;