[krbdev.mit.edu #1470] preauth2.c leaks memory, double frees memory and uses freed data
Sam Hartman via RT
rt-comment at krbdev.mit.edu
Fri May 9 16:11:30 EDT 2003
krb5_do_preauth and krb5_get_init_creds have bad memory management interactions.
The following can happen as an example:
1) krb5_get_init_creds calls krb5_do_preauth
2) krb5_do_preauth sets up salt by copying a pointer out of etype_info
3) krb5_do_preauth calls krb5_free_etype_info
4) krb5_do_preauth returns the salt pointer it set up in 2
5) krb5_get_init_creds calls gak_fct with the salt pointer from 2
6) After gak_fct returns krb5_get_init_creds frees the salt.
This looks like a double free and a use of freed memory.
I think there may be other paths that involve leaks.
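The ownership defect in steps 2 to 6 is an aliasing problem: the salt handed back to krb5_get_init_creds points into memory that krb5_free_etype_info has already released, so gak_fct reads freed data and the caller's final free is a second free of the same block. The C below is an added illustration written for this archive page, not code from the ticket or from MIT krb5; the type names, field layouts and function names (salt_data, etype_info_entry, free_etype_info, copy_salt, do_preauth_salt) are constructed stand-ins and the sample salt is made up. It shows the corrected ownership contract: the salt is deep-copied before the etype_info list is freed, so the caller owns exactly one allocation and frees it exactly once.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the krb5 types involved; names and layouts
 * are assumptions for this example, not MIT krb5's real definitions. */
typedef struct {
    unsigned int length;
    char *data;
} salt_data;

typedef struct {
    int etype;
    salt_data salt;          /* buffer owned by this entry */
} etype_info_entry;

/* Free a NULL-terminated etype_info list and every salt buffer it owns.
 * Any salt.data pointer merely copied out of the list dangles afterwards:
 * that is the situation the ticket describes. */
static void free_etype_info(etype_info_entry **info)
{
    if (info == NULL)
        return;
    for (size_t i = 0; info[i] != NULL; i++) {
        free(info[i]->salt.data);
        free(info[i]);
    }
    free(info);
}

/* Deep-copy a salt so the caller owns a separate allocation.
 * Returns 0 on success, -1 on allocation failure (*out left empty). */
static int copy_salt(const salt_data *in, salt_data *out)
{
    out->length = 0;
    out->data = NULL;
    if (in->data == NULL || in->length == 0)
        return 0;                       /* empty salt: nothing to copy */
    out->data = malloc(in->length);
    if (out->data == NULL)
        return -1;
    memcpy(out->data, in->data, in->length);
    out->length = in->length;
    return 0;
}

/* Corrected version of steps 2 to 4: pick the salt, copy it, free the
 * list, hand the copy to the caller, who frees salt_out->data once.
 * The reported bug does instead
 *     *salt_out = info[0]->salt;      (pointer copy, no allocation)
 *     free_etype_info(info);          (salt_out->data now dangles)
 * so gak_fct reads freed memory and the caller's free() is a double free. */
static int do_preauth_salt(etype_info_entry **info, salt_data *salt_out)
{
    int ret;
    salt_out->length = 0;
    salt_out->data = NULL;
    if (info == NULL || info[0] == NULL) {
        free_etype_info(info);
        return 0;
    }
    ret = copy_salt(&info[0]->salt, salt_out);
    free_etype_info(info);              /* safe: salt_out aliases nothing here */
    return ret;
}

/* Constructed fixture: a one-entry etype_info list carrying `salt`. */
static etype_info_entry **make_etype_info(const char *salt)
{
    etype_info_entry **info = calloc(2, sizeof(*info));   /* entry + NULL */
    if (info == NULL)
        return NULL;
    info[0] = calloc(1, sizeof(**info));
    if (info[0] == NULL) {
        free(info);
        return NULL;
    }
    info[0]->etype = 18;                /* arbitrary constructed value */
    info[0]->salt.length = (unsigned int)strlen(salt);
    info[0]->salt.data = malloc(info[0]->salt.length);
    if (info[0]->salt.data == NULL) {
        free_etype_info(info);
        return NULL;
    }
    memcpy(info[0]->salt.data, salt, info[0]->salt.length);
    return info;
}

/* Run the corrected flow once: returns 1 if the caller ends up holding an
 * independent salt copy equal to `expected`, 0 otherwise. */
static int salt_roundtrip_ok(const char *expected)
{
    salt_data salt;
    etype_info_entry **info = make_etype_info(expected);
    if (info == NULL || do_preauth_salt(info, &salt) != 0)
        return 0;
    /* `info` is gone; `salt` is the only live allocation and is freed once. */
    int ok = salt.length == strlen(expected) &&
             memcmp(salt.data, expected, salt.length) == 0;
    free(salt.data);
    return ok;
}

int main(void)
{
    /* Constructed sample salt (realm followed by principal name). */
    puts(salt_roundtrip_ok("EXAMPLE.COMuser") ? "salt copy ok" : "FAILED");
    return 0;
}
```

Built with AddressSanitizer (-fsanitize=address), the pointer-copy variant described in the comment is caught at the first read in gak_fct and again at the caller's free; the deep-copy contract above runs clean, which is the property a fix for this ticket needs to establish.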