krb5 commit [krb5-1.16]: Fix leak on error in kadm5 randkey handling

[Greg Hudson]

https://github.com/krb5/krb5/commit/60766c9854e8a03afdd22258b38832a13fb584ff
commit 60766c9854e8a03afdd22258b38832a13fb584ff
Author: Greg Hudson <ghudson at mit.edu>
Date:   Thu Oct 25 11:56:58 2018 -0400

    Fix leak on error in kadm5 randkey handling
    
    An attempt to change the kadmin/history key with the -keepold flag
    would leak the KDB entry and keysalt tuple as it returned an error.
    Use the cleanup handler instead of returning directly.  Reported by
    Bean Zhang.
    
    (cherry picked from commit c4bdb3a1c890149a472ed98a94cf85316b143265)
    
    ticket: 8759
    version_fixed: 1.16.2

 src/lib/kadm5/srv/svr_principal.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index a59a65e..21c53ec 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -1564,8 +1564,10 @@ kadm5_randkey_principal_3(void *server_handle,
     if (krb5_principal_compare(handle->context, principal, hist_princ)) {
         /* If changing the history entry, the new entry must have exactly one
          * key. */
-        if (keepold)
-            return KADM5_PROTECT_PRINCIPAL;
+        if (keepold) {
+            ret = KADM5_PROTECT_PRINCIPAL;
+            goto done;
+        }
         new_n_ks_tuple = 1;
     }