From 0c886210b7a740744e8319b3987845f2c27261e1 Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Thu, 27 Aug 2020 15:35:40 -0400
Subject: [PATCH] Always free ciphertext data in gp_encrypt_buffer

Signed-off-by: Simo Sorce <simo@redhat.com>
[rharwood@redhat.com: rewrote commit message]
Reviewed-by: Robbie Harwood <rharwood@redhat.com>
(cherry picked from commit fe9e3c29caab90daf19028fb31ff28622d8708a9)
---
 proxy/src/gp_export.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/proxy/src/gp_export.c b/proxy/src/gp_export.c
index a5681c0..fb2f81b 100644
--- a/proxy/src/gp_export.c
+++ b/proxy/src/gp_export.c
@@ -308,10 +308,9 @@ static int gp_encrypt_buffer(krb5_context context, krb5_keyblock *key,
     ret = gp_conv_octet_string(enc_handle.ciphertext.length,
                                enc_handle.ciphertext.data,
                                out);
-    if (ret) {
-        free(enc_handle.ciphertext.data);
-        goto done;
-    }
+    /* the conversion function copies the data, so free our copy
+     * unconditionally, or we leak */
+    free(enc_handle.ciphertext.data);
 
 done:
     free(padded);