s3: Fix a memleak in check_pac_checksum

author: Volker Lendecke <vl@samba.org> 2010-05-04 13:54:51 +0200
committer: Volker Lendecke <vl@samba.org> 2010-05-04 12:00:13 +0200
commit: a7b06f4c0d62b570e77360e7e29b805410379b78 (patch)
tree: b8ae80eae63853190135da40ec1f699015d46acf
parent: 6eb839cd1695ce8da991c19611210eefda902c0f (diff)
download: samba-a7b06f4c0d62b570e77360e7e29b805410379b78.tar.gz
samba-a7b06f4c0d62b570e77360e7e29b805410379b78.tar.bz2
samba-a7b06f4c0d62b570e77360e7e29b805410379b78.zip
1 files changed, 8 insertions, 2 deletions
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index ed158ee2d8..ee2dbde02c 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -100,6 +100,8 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
 	DATA_BLOB *srv_sig_blob = NULL;
 	DATA_BLOB *kdc_sig_blob = NULL;
 
+	bool bool_ret;
+
 	*pac_data_out = NULL;
 
 	pac_data = TALLOC_ZERO_P(mem_ctx, struct PAC_DATA);
@@ -292,10 +294,14 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	if (!smb_krb5_principal_compare_any_realm(context, client_principal, client_principal_pac)) {
+	bool_ret = smb_krb5_principal_compare_any_realm(
+		context, client_principal, client_principal_pac);
+
+	krb5_free_principal(context, client_principal_pac);
+
+	if (!bool_ret) {
 		DEBUG(2, ("Name in PAC [%s] does not match principal name in ticket\n",
 			  logon_name->account_name));
-		krb5_free_principal(context, client_principal_pac);
 		return NT_STATUS_ACCESS_DENIED;
 	}
author	Volker Lendecke <vl@samba.org>	2010-05-04 13:54:51 +0200
committer	Volker Lendecke <vl@samba.org>	2010-05-04 12:00:13 +0200
commit	a7b06f4c0d62b570e77360e7e29b805410379b78 (patch)
tree	b8ae80eae63853190135da40ec1f699015d46acf
parent	6eb839cd1695ce8da991c19611210eefda902c0f (diff)
download	samba-a7b06f4c0d62b570e77360e7e29b805410379b78.tar.gz samba-a7b06f4c0d62b570e77360e7e29b805410379b78.tar.bz2 samba-a7b06f4c0d62b570e77360e7e29b805410379b78.zip