s3: Fix a memleak in check_pac_checksum
authorVolker Lendecke <vl@samba.org>
Tue, 4 May 2010 11:54:51 +0000 (13:54 +0200)
committerVolker Lendecke <vl@samba.org>
Tue, 4 May 2010 10:00:13 +0000 (12:00 +0200)
source3/libads/authdata.c

index ed158ee2d8c0cf2387768720247d947413054f2c..ee2dbde02c9e24782dc9865add0e31181fa2d4ae 100644 (file)
@@ -100,6 +100,8 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
        DATA_BLOB *srv_sig_blob = NULL;
        DATA_BLOB *kdc_sig_blob = NULL;
 
+       bool bool_ret;
+
        *pac_data_out = NULL;
 
        pac_data = TALLOC_ZERO_P(mem_ctx, struct PAC_DATA);
@@ -292,10 +294,14 @@ static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       if (!smb_krb5_principal_compare_any_realm(context, client_principal, client_principal_pac)) {
+       bool_ret = smb_krb5_principal_compare_any_realm(
+               context, client_principal, client_principal_pac);
+
+       krb5_free_principal(context, client_principal_pac);
+
+       if (!bool_ret) {
                DEBUG(2, ("Name in PAC [%s] does not match principal name in ticket\n",
                          logon_name->account_name));
-               krb5_free_principal(context, client_principal_pac);
                return NT_STATUS_ACCESS_DENIED;
        }