Fix krb5_get_init_creds_password() pwchange leak

When krb5_get_init_creds_password() attempts to change the password, make sure to free code_string along all exit paths. ticket: 8440 (new) target_version: 1.14-next target_version: 1.13-next tags: pullup
krb5 · Aug 10, 2016 · 3e5f770 · 3e5f770
1 parent 20fcbf2
commit 3e5f770
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
@@ -442,6 +442,7 @@ krb5_get_init_creds_password(krb5_context context,
             /* the change succeeded.  go on */
 
             if (result_code == 0) {
+                free(code_string.data);
                 free(result_string.data);
                 break;
             }
@@ -451,6 +452,7 @@ krb5_get_init_creds_password(krb5_context context,
             ret = KRB5_CHPW_FAIL;
 
             if (result_code != KRB5_KPASSWD_SOFTERROR) {
+                free(code_string.data);
                 free(result_string.data);
                 goto cleanup;
             }