From 5ce5a9bea994d7db3d352d0800333d0fd0b833df Mon Sep 17 00:00:00 2001
From: =?utf8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
Date: Thu, 19 Mar 2009 16:42:54 +0100
Subject: [PATCH] s3-krb5: Fix Coverity #722 (RESOURCE_LEAK).

Guenther
(cherry picked from commit 1524abd8bf12d82e1fb0063585fc9a465fc7bf9c)
(cherry picked from commit 3517388b5d5439ffe3f9629aaf826fa1dfbb4ba7)
---
 source/libsmb/clikrb5.c | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/source/libsmb/clikrb5.c b/source/libsmb/clikrb5.c
index 9fd4914df53..007fd8de7c4 100644
--- a/source/libsmb/clikrb5.c
+++ b/source/libsmb/clikrb5.c
@@ -861,24 +861,30 @@ failed:
 
  bool get_krb5_smb_session_key(krb5_context context, krb5_auth_context auth_context, DATA_BLOB *session_key, bool remote)
  {
-	krb5_keyblock *skey;
-	krb5_error_code err;
-	bool ret = False;
+	krb5_keyblock *skey = NULL;
+	krb5_error_code err = 0;
+	bool ret = false;
 
-	if (remote)
+	if (remote) {
 		err = krb5_auth_con_getremotesubkey(context, auth_context, &skey);
-	else
+	} else {
 		err = krb5_auth_con_getlocalsubkey(context, auth_context, &skey);
-	if (err == 0 && skey != NULL) {
-		DEBUG(10, ("Got KRB5 session key of length %d\n",  (int)KRB5_KEY_LENGTH(skey)));
-		*session_key = data_blob(KRB5_KEY_DATA(skey), KRB5_KEY_LENGTH(skey));
-		dump_data_pw("KRB5 Session Key:\n", session_key->data, session_key->length);
+	}
 
-		ret = True;
+	if (err || skey == NULL) {
+		DEBUG(10, ("KRB5 error getting session key %d\n", err));
+		goto done;
+	}
 
+	DEBUG(10, ("Got KRB5 session key of length %d\n",  (int)KRB5_KEY_LENGTH(skey)));
+	*session_key = data_blob(KRB5_KEY_DATA(skey), KRB5_KEY_LENGTH(skey));
+	dump_data_pw("KRB5 Session Key:\n", session_key->data, session_key->length);
+
+	ret = true;
+
+ done:
+	if (skey) {
 		krb5_free_keyblock(context, skey);
-	} else {
-		DEBUG(10, ("KRB5 error getting session key %d\n", err));
 	}
 
 	return ret;
-- 
2.11.4.GIT