From 9a5c81c684c76a2dc3cb5069c2ea411aad716a03 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 4 May 2009 17:06:43 +0000
Subject: [PATCH] Fix some direct returns in krb5_get_cred_from_kdc_opt which
 would leak memory.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22306 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/krb/gc_frm_kdc.c | 37 +++++++++++++++++++++++------------
 1 file changed, 25 insertions(+), 12 deletions(-)

diff --git a/src/lib/krb5/krb/gc_frm_kdc.c b/src/lib/krb5/krb/gc_frm_kdc.c
index be1e7b463..0cec57aec 100644
--- a/src/lib/krb5/krb/gc_frm_kdc.c
+++ b/src/lib/krb5/krb/gc_frm_kdc.c
@@ -968,8 +968,11 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
         DPRINTF(("gc_from_kdc: no server realm supplied, "
 		 "using client realm.\n"));
 	krb5_free_data_contents(context, &server->realm);
-	if (!( server->realm.data = (char *)malloc(client->realm.length+1)))
-	    return ENOMEM;
+	server->realm.data = malloc(client->realm.length + 1);
+	if (server->realm.data == NULL) {
+	    retval = ENOMEM;
+	    goto cleanup;
+	}
 	memcpy(server->realm.data, client->realm.data, client->realm.length);
 	server->realm.length = client->realm.length;
 	server->realm.data[server->realm.length] = 0;
@@ -1146,7 +1149,7 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
 						&tgtptr->server->data[1],
 						&server->realm);
 	    if (retval)
-		return retval;
+		goto cleanup;
 	    /*
 	     * Future work: rewrite server principal per any
 	     * supplied padata.
@@ -1194,7 +1197,8 @@ krb5_get_cred_from_kdc_opt(krb5_context context, krb5_ccache ccache,
 	     */
 	    DPRINTF(("gc_from_kdc: referral specified "
 		     "but no fallback realm avaiable!\n"));
-	    return KRB5_ERR_HOST_REALM_UNKNOWN;
+	    retval = KRB5_ERR_HOST_REALM_UNKNOWN;
+	    goto cleanup;
 	}
     }
 
@@ -1308,14 +1312,23 @@ cleanup:
 	    if (subretval) {
 #endif
 	        /* Allocate returnable TGT list. */
-	        if (!(*tgts=calloc(sizeof (krb5_creds *), 2)))
-		    return ENOMEM;
-		subretval=krb5_copy_creds(context, referral_tgts[0], &((*tgts)[0]));
-		if(subretval)
-		    return subretval;
-		(*tgts)[1]=NULL;
-		DUMP_PRINC("gc_from_kdc: returning referral TGT for ccache",
-			   (*tgts)[0]->server);
+	        *tgts = calloc(2, sizeof (krb5_creds *));
+		if (*tgts == NULL && retval == 0)
+		    retval = ENOMEM;
+		if (*tgts) {
+		    subretval = krb5_copy_creds(context, referral_tgts[0],
+						&((*tgts)[0]));
+		    if (subretval) {
+			if (retval == 0)
+			    retval = subretval;
+			free(*tgts);
+			*tgts = NULL;
+		    } else {
+			(*tgts)[1] = NULL;
+			DUMP_PRINC("gc_from_kdc: referral TGT for ccache",
+				   (*tgts)[0]->server);
+		    }
+		}
 #if 0
 	    }
 #endif
-- 
2.26.2