Fix krb5_rd_req() memory leak

In release 1.13, commit eba8c49 (ticket #7232) introduced a memory leak when skipping keytab entries which do not match the application-provided server specification. Fix it by freeing the keytab entry before continuing the loop on a failure to match. [ghudson@mit.edu: commit message] (cherry picked from commit 3aa8506) ticket: 8239 version_fixed: 1.13.3 status: resolved
krb5 · Sep 16, 2015 · 721e80d · 721e80d
1 parent 5250332
commit 721e80d
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c
@@ -396,6 +396,7 @@ decrypt_ticket(krb5_context context, const krb5_ap_req *req,
         if (!krb5_sname_match(context, server, ent.principal)) {
             if (krb5_principal_compare(context, ent.principal, tkt_server))
                 tkt_server_mismatch = TRUE;
+            (void)krb5_free_keytab_entry_contents(context, &ent);
             continue;
         }
         found_server_match = TRUE;