krb5_walk_realm_tree leaks in capaths case

Markus Moeller reports a leak in krb5_get_credentials() which was then
traced down to profile strings leaking from within
krb5_walk_realm_tree().  A pointer to a profile string was getting
overwritten without the string being freed when *cap_nodes[0] == '.'.
Fix is to free the string prior to overwriting the pointer if the
pointer is non-null.

ticket: new
target_version: 1.6.2
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19582 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/krb/walk_rtree.c b/src/lib/krb5/krb/walk_rtree.c
index 7210be7c716c33b80fb913b85e6a9617acdee0ef..c4673caa8c67b2f03a7696ff9ff602359de85f03 100644 (file)
--- a/src/lib/krb5/krb/walk_rtree.c
+++ b/src/lib/krb5/krb/walk_rtree.c
@@ -167,6 +167,9 @@ krb5_walk_realm_tree(krb5_context context, const krb5_data *client, const krb5_d
                links++;
            }
        }
+       if (cap_nodes[links] != NULL)
+           krb5_xfree(cap_nodes[links]);
+
        cap_nodes[links] = cap_server; /* put server on end of list */
        /* this simplifies the code later and make */
        /* cleanup eaiser as well */