summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2010-05-04 13:54:51 +0200
committerVolker Lendecke <vl@samba.org>2010-05-04 12:00:13 +0200
commita7b06f4c0d62b570e77360e7e29b805410379b78 (patch)
treeb8ae80eae63853190135da40ec1f699015d46acf
parent6eb839cd1695ce8da991c19611210eefda902c0f (diff)
downloadsamba-a7b06f4c0d62b570e77360e7e29b805410379b78.tar.gz
samba-a7b06f4c0d62b570e77360e7e29b805410379b78.tar.bz2
samba-a7b06f4c0d62b570e77360e7e29b805410379b78.zip
s3: Fix a memleak in check_pac_checksum
-rw-r--r--source3/libads/authdata.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index ed158ee2d8..ee2dbde02c 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -100,6 +100,8 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
DATA_BLOB *srv_sig_blob = NULL;
DATA_BLOB *kdc_sig_blob = NULL;
+ bool bool_ret;
+
*pac_data_out = NULL;
pac_data = TALLOC_ZERO_P(mem_ctx, struct PAC_DATA);
@@ -292,10 +294,14 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
- if (!smb_krb5_principal_compare_any_realm(context, client_principal, client_principal_pac)) {
+ bool_ret = smb_krb5_principal_compare_any_realm(
+ context, client_principal, client_principal_pac);
+
+ krb5_free_principal(context, client_principal_pac);
+
+ if (!bool_ret) {
DEBUG(2, ("Name in PAC [%s] does not match principal name in ticket\n",
logon_name->account_name));
- krb5_free_principal(context, client_principal_pac);
return NT_STATUS_ACCESS_DENIED;
}