From a7b06f4c0d62b570e77360e7e29b805410379b78 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl@samba.org>
Date: Tue, 4 May 2010 13:54:51 +0200
Subject: s3: Fix a memleak in check_pac_checksum

---
 source3/libads/authdata.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'source3')

diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index ed158ee2d8..ee2dbde02c 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -100,6 +100,8 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
 	DATA_BLOB *srv_sig_blob = NULL;
 	DATA_BLOB *kdc_sig_blob = NULL;
 
+	bool bool_ret;
+
 	*pac_data_out = NULL;
 
 	pac_data = TALLOC_ZERO_P(mem_ctx, struct PAC_DATA);
@@ -292,10 +294,14 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	if (!smb_krb5_principal_compare_any_realm(context, client_principal, client_principal_pac)) {
+	bool_ret = smb_krb5_principal_compare_any_realm(
+		context, client_principal, client_principal_pac);
+
+	krb5_free_principal(context, client_principal_pac);
+
+	if (!bool_ret) {
 		DEBUG(2, ("Name in PAC [%s] does not match principal name in ticket\n",
 			  logon_name->account_name));
-		krb5_free_principal(context, client_principal_pac);
 		return NT_STATUS_ACCESS_DENIED;
 	}
 
-- 
cgit