krb5 commit [krb5-1.14]: Fix leak in krb5_server_decrypt_ticket_keytab()

Fri Sep 2 17:04:35 EDT 2016

https://github.com/krb5/krb5/commit/84381ce2197ae41165ae479a503c51306660dc62
commit 84381ce2197ae41165ae479a503c51306660dc62
Author: Seemant Choudhary <seemant at soha.io>
Date:   Wed Aug 24 12:20:01 2016 -0400

    Fix leak in krb5_server_decrypt_ticket_keytab()
    
    When we skip a keytab entry because it is of the wrong enctype, free
    it before continuing.
    
    (cherry picked from commit 9984c2343c96f3aaaf8a8d6dfc1b6de1eae533c2)
    
    ticket: 8482
    version_fixed: 1.14.4

 src/lib/krb5/krb/srv_dec_tkt.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/src/lib/krb5/krb/srv_dec_tkt.c b/src/lib/krb5/krb/srv_dec_tkt.c
index 708a25f..6c92252 100644
--- a/src/lib/krb5/krb/srv_dec_tkt.c
+++ b/src/lib/krb5/krb/srv_dec_tkt.c
@@ -99,8 +99,10 @@ krb5_server_decrypt_ticket_keytab(krb5_context context,
         retval = KRB5_KT_NOTFOUND;
         while ((code = krb5_kt_next_entry(context, keytab,
                                           &ktent, &cursor)) == 0) {
-            if (ktent.key.enctype != ticket->enc_part.enctype)
+            if (ktent.key.enctype != ticket->enc_part.enctype) {
+                (void) krb5_free_keytab_entry_contents(context, &ktent);
                 continue;
+            }
 
             retval = decrypt_ticket_keyblock(context, &ktent.key, ticket);
             if (retval == 0) {
