Fix krb5_get_init_creds_password() pwchange leak

When krb5_get_init_creds_password() attempts to change the password, make sure to free code_string along all exit paths. (cherry picked from commit 3e5f7709e1928f1e814c427f2811d9204a167439) ticket: 8440 version_fixed: 1.13.7
author: Greg Hudson <ghudson@mit.edu> 2016-06-28 14:52:31 -0400
committer: Tom Yu <tlyu@mit.edu> 2016-09-02 18:30:08 -0400
commit: 92ed15de11eb9995bbbc7c8c0502ac9da2a1668e (patch)
tree: 3c73d0c736ebbd95411e7bf22fa0629d7724b71d
parent: 7dd659b97df5799d429b8afcbb0b6b804d3feabf (diff)
download: krb5-92ed15de11eb9995bbbc7c8c0502ac9da2a1668e.zip
krb5-92ed15de11eb9995bbbc7c8c0502ac9da2a1668e.tar.gz
krb5-92ed15de11eb9995bbbc7c8c0502ac9da2a1668e.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index e95673f..298f075 100644
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -443,6 +443,7 @@ krb5_get_init_creds_password(krb5_context context,
             /* the change succeeded.  go on */
 
             if (result_code == 0) {
+                free(code_string.data);
                 free(result_string.data);
                 break;
             }
@@ -452,6 +453,7 @@ krb5_get_init_creds_password(krb5_context context,
             ret = KRB5_CHPW_FAIL;
 
             if (result_code != KRB5_KPASSWD_SOFTERROR) {
+                free(code_string.data);
                 free(result_string.data);
                 goto cleanup;
             }
author	Greg Hudson <ghudson@mit.edu>	2016-06-28 14:52:31 -0400
committer	Tom Yu <tlyu@mit.edu>	2016-09-02 18:30:08 -0400
commit	92ed15de11eb9995bbbc7c8c0502ac9da2a1668e (patch)
tree	3c73d0c736ebbd95411e7bf22fa0629d7724b71d
parent	7dd659b97df5799d429b8afcbb0b6b804d3feabf (diff)
download	krb5-92ed15de11eb9995bbbc7c8c0502ac9da2a1668e.zip krb5-92ed15de11eb9995bbbc7c8c0502ac9da2a1668e.tar.gz krb5-92ed15de11eb9995bbbc7c8c0502ac9da2a1668e.tar.bz2