authorGreg Hudson <ghudson@mit.edu>2018-10-25 11:56:58 -0400
committerGreg Hudson <ghudson@mit.edu>2018-10-29 22:27:04 -0400
commit8ce051e31b7e47fc22421576f87549c1ca318302 (patch)
treee5165fd216856cbd5fb4da5882071b59b8cae836
parent6079814ef5668971501041451eb258584e1b60f3 (diff)
Fix leak on error in kadm5 randkey handling
An attempt to change the kadmin/history key with the -keepold flag would leak the KDB entry and keysalt tuple as it returned an error. Use the cleanup handler instead of returning directly. Reported by Bean Zhang. (cherry picked from commit c4bdb3a1c890149a472ed98a94cf85316b143265) ticket: 8759 version_fixed: 1.15.4
-rw-r--r--src/lib/kadm5/srv/svr_principal.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index a35c249..cb76780 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -1582,8 +1582,10 @@ kadm5_randkey_principal_3(void *server_handle,
if (krb5_principal_compare(handle->context, principal, hist_princ)) {
/* If changing the history entry, the new entry must have exactly one
* key. */
- if (keepold)
- return KADM5_PROTECT_PRINCIPAL;
+ if (keepold) {
+ ret = KADM5_PROTECT_PRINCIPAL;
+ goto done;
+ }
new_n_ks_tuple = 1;
}
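Review bot: The new `goto done` branch carries no comment saying why this exit has to go through the cleanup label, so a later edit could reintroduce the direct return and the leak with it. A one-line comment above `ret = KADM5_PROTECT_PRINCIPAL;` would pin it down, e.g. `/* The KDB entry and keysalt tuple are already held here; exit via done so they are released. */`. The rest of kadm5_randkey_principal_3 and the `done` label are outside the hunk, so it is worth confirming that no other path between the entry lookup and `done` still returns directly. Going by the commit message, this error path is reached by a key-change request against the history principal with keepold set, so a regression test that issues that request and expects KADM5_PROTECT_PRINCIPAL would keep the path covered under a leak checker.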