Fix krb5_get_init_creds_password() pwchange leak

When krb5_get_init_creds_password() attempts to change the password, make sure to free code_string along all exit paths. (cherry picked from commit 3e5f770) ticket: 8440 version_fixed: 1.13.7
krb5 · Sep 2, 2016 · 92ed15d · 92ed15d
1 parent 7dd659b
commit 92ed15d
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
@@ -443,6 +443,7 @@ krb5_get_init_creds_password(krb5_context context,
             /* the change succeeded.  go on */
 
             if (result_code == 0) {
+                free(code_string.data);
                 free(result_string.data);
                 break;
             }
@@ -452,6 +453,7 @@ krb5_get_init_creds_password(krb5_context context,
             ret = KRB5_CHPW_FAIL;
 
             if (result_code != KRB5_KPASSWD_SOFTERROR) {
+                free(code_string.data);
                 free(result_string.data);
                 goto cleanup;
             }