auth: fix a memory leak in gssapi_get_session_key()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12006

Signed-off-by: Uri Simchoni <uri@samba.org>
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Wed Jul  6 00:40:15 CEST 2016 on sn-devel-144

1 files changed, 1 insertions, 6 deletions

diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c
index 685d0ec251a..74c199adc94 100644
--- a/auth/kerberos/gssapi_pac.c
+++ b/auth/kerberos/gssapi_pac.c
@@ -246,6 +246,7 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
 		int diflen, i;
 		const uint8_t *p;
 
+		*keytype = 0;
 		if (set->count < 2) {
 
 #ifdef HAVE_GSSKRB5_GET_SUBKEY
@@ -256,10 +257,6 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
 			if (gss_maj == 0) {
 				*keytype = KRB5_KEY_TYPE(subkey);
 				krb5_free_keyblock(NULL /* should be krb5_context */, subkey);
-			} else
-#else
-			{
-				*keytype = 0;
 			}
 #endif
 			gss_maj = gss_release_buffer_set(&gss_min, &set);
@@ -270,7 +267,6 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
 				  gse_sesskeytype_oid.elements,
 				  gse_sesskeytype_oid.length) != 0) {
 			/* Perhaps a non-krb5 session key */
-			*keytype = 0;
 			gss_maj = gss_release_buffer_set(&gss_min, &set);
 			return NT_STATUS_OK;
 		}
@@ -280,7 +276,6 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
 			gss_maj = gss_release_buffer_set(&gss_min, &set);
 			return NT_STATUS_INVALID_PARAMETER;
 		}
-		*keytype = 0;
 		for (i = 0; i < diflen; i++) {
 			*keytype = (*keytype << 7) | (p[i] & 0x7f);
 			if (i + 1 != diflen && (p[i] & 0x80) == 0) {