krb5 commit: Fix krb5 gss_acquire_cred() leak on some errors

[ghudson at mit.edu]

https://github.com/krb5/krb5/commit/a6512164a71ca2ade20d1cf3bf89b3973092eb48
commit a6512164a71ca2ade20d1cf3bf89b3973092eb48
Author: benpope81 <benpope81 at gmail.com>
Date:   Tue Nov 11 12:13:56 2025 +0000

    Fix krb5 gss_acquire_cred() leak on some errors
    
    When a krb5 acceptor cred is acquired with a specified name, a late
    enough failure can leak the acceptor_mprinc field.  Fix this leak by
    freeing the field in the acquire_cred_context() error_out cleanup
    code.
    
    [ghudson at mit.edu: rewrote commit message]
    
    ticket: 9189 (new)
    tags: pullup
    target_version: 1.22-next

 src/lib/gssapi/krb5/acquire_cred.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/lib/gssapi/krb5/acquire_cred.c b/src/lib/gssapi/krb5/acquire_cred.c
index aa1a486dc..12e6b7ea8 100644
--- a/src/lib/gssapi/krb5/acquire_cred.c
+++ b/src/lib/gssapi/krb5/acquire_cred.c
@@ -912,6 +912,7 @@ error_out:
         if (cred->name)
             kg_release_name(context, &cred->name);
         krb5_free_principal(context, cred->impersonator);
+        krb5_free_principal(context, cred->acceptor_mprinc);
         zapfreestr(cred->password);
         k5_mutex_destroy(&cred->lock);
         xfree(cred);