krb5 commit: Fix memory leak in KDC PKINIT code

Fri Feb 23 20:37:47 EST 2018

https://github.com/krb5/krb5/commit/cefc250efd71515dd665b606bcb993e617068758
commit cefc250efd71515dd665b606bcb993e617068758
Author: sashan <anedvedicky at gmail.com>
Date:   Tue Feb 20 23:03:36 2018 +0100

    Fix memory leak in KDC PKINIT code
    
    Commit e5c77a11341a79e6af1e5aef7c587a5b75a9e378 introduced a memory
    leak of the client public key in server_process_dh().  Free
    client_pubkey on success as well as failure.
    
    ticket: 8644 (new)
    target_version: 1.16-next
    target_version: 1.15-next
    tags: pullup

 src/plugins/preauth/pkinit/pkinit_crypto_openssl.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index ac107c2..0c8dd7e 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -2979,6 +2979,7 @@ server_process_dh(krb5_context context,
 
     retval = 0;
 
+    BN_free(client_pubkey);
     if (dh_server != NULL)
         DH_free(dh_server);
     return retval;
