From a47c4e68308331a630480cb62c2b7711432e0123 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Tue, 11 Mar 2014 13:33:23 -0400
Subject: Don't leak the per-request preauth context

Currently, per-request preauth module data is only cleared when we
successfully obtain initial credentials.  Make sure to clear it at the
end of the operation even if we failed to get creds.

[ghudson@mit.edu: expanded commit message]

ticket: 7793
target_version: 1.12.2
tags: pullup
---
 src/lib/krb5/krb/get_in_tkt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index ebd28440d..ebcb36213 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -488,6 +488,7 @@ krb5_init_creds_free(krb5_context context,
     k5_response_items_free(ctx->rctx.items);
     free(ctx->in_tkt_service);
     zapfree(ctx->gakpw.storage.data, ctx->gakpw.storage.length);
+    k5_preauth_request_context_fini(context);
     krb5_free_error(context, ctx->err_reply);
     krb5_free_pa_data(context, ctx->err_padata);
     krb5_free_cred_contents(context, &ctx->cred);
-- 
cgit