[krbdev.mit.edu #6284] memory leaks in error conditions

[Zhanna Tsitkova via RT]

diff -Nur -x '*~' -x '*.orig' -x '*.rej' -x '*.pbxbtree' -x '*.pbxindex' -x lha.mode1v3 -x lha.mode2v3 -x lha.pbxuser -x windows -x .DS_Store Kerberos.AEP-6.5fc1.orig/KerberosFramework/Kerberos5/Sources/kdc/do_as_req.c Kerberos.AEP-6.5fc1/KerberosFramework/Kerberos5/Sources/kdc/do_as_req.c
--- Kerberos.AEP-6.5fc1.orig/KerberosFramework/Kerberos5/Sources/kdc/do_as_req.c	2008-11-09 21:03:38.000000000 -0800
+++ Kerberos.AEP-6.5fc1/KerberosFramework/Kerberos5/Sources/kdc/do_as_req.c	2008-11-09 22:05:27.000000000 -0800
@@ -443,18 +443,15 @@
     if(kdc_notify_pws_apple || kdc_active_realm->realm_pws_enabled){
     	errcode = kdc_update_pws(cname, 0, 1, server);
     	if (errcode) {
-			status = "CHECK_PWS_ACCT";
-			goto errout;
+	    krb5_free_data(kdc_context, *response);
+	    *response = NULL;
+	    status = "CHECK_PWS_ACCT";
+	    goto errout;
     	}
     }
 #endif
     	
    
-    /* these parts are left on as a courtesy from krb5_encode_kdc_rep so we
-       can use them in raw form if needed.  But, we don't... */
-    memset(reply.enc_part.ciphertext.data, 0, reply.enc_part.ciphertext.length);
-    free(reply.enc_part.ciphertext.data);
-
     rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), &reply);
     krb5_klog_syslog(LOG_INFO,
 		     "AS_REQ (%s) %s: ISSUE: authtime %d, "
@@ -475,6 +472,11 @@
 
 errout:
 
+    /* these parts are left on as a courtesy from krb5_encode_kdc_rep so we
+       can use them in raw form if needed.  But, we don't... */
+    memset(reply.enc_part.ciphertext.data, 0, reply.enc_part.ciphertext.length);
+    free(reply.enc_part.ciphertext.data);
+
 #ifdef APPLE_KDC_MODS
     /* call code to notify PWS of the failure iff not NEEDS_Preauth   */
     if(kdc_notify_pws_apple || kdc_active_realm->realm_pws_enabled){