diff -Nur -x '*~' -x '*.orig' -x '*.rej' -x '*.pbxbtree' -x '*.pbxindex' -x lha.mode1v3 -x lha.mode2v3 -x lha.pbxuser -x windows -x .DS_Store Kerberos.AEP-6.5fc1.orig/KerberosFramework/Kerberos5/Sources/kdc/do_as_req.c Kerberos.AEP-6.5fc1/KerberosFramework/Kerberos5/Sources/kdc/do_as_req.c
--- Kerberos.AEP-6.5fc1.orig/KerberosFramework/Kerberos5/Sources/kdc/do_as_req.c 2008-11-09 21:03:38.000000000 -0800
+++ Kerberos.AEP-6.5fc1/KerberosFramework/Kerberos5/Sources/kdc/do_as_req.c 2008-11-09 22:05:27.000000000 -0800
@@ -443,18 +443,15 @@
if(kdc_notify_pws_apple || kdc_active_realm->realm_pws_enabled){
errcode = kdc_update_pws(cname, 0, 1, server);
if (errcode) {
- status = "CHECK_PWS_ACCT";
- goto errout;
+ krb5_free_data(kdc_context, *response);
+ *response = NULL;
+ status = "CHECK_PWS_ACCT";
+ goto errout;
}
}
#endif
- /* these parts are left on as a courtesy from krb5_encode_kdc_rep so we
- can use them in raw form if needed. But, we don't... */
- memset(reply.enc_part.ciphertext.data, 0, reply.enc_part.ciphertext.length);
- free(reply.enc_part.ciphertext.data);
-
rep_etypes2str(rep_etypestr, sizeof(rep_etypestr), &reply);
krb5_klog_syslog(LOG_INFO,
"AS_REQ (%s) %s: ISSUE: authtime %d, "
@@ -475,6 +472,11 @@
errout:
+ /* these parts are left on as a courtesy from krb5_encode_kdc_rep so we
+ can use them in raw form if needed. But, we don't... */
+ memset(reply.enc_part.ciphertext.data, 0, reply.enc_part.ciphertext.length);
+ free(reply.enc_part.ciphertext.data);
+
#ifdef APPLE_KDC_MODS
/* call code to notify PWS of the failure iff not NEEDS_Preauth */
if(kdc_notify_pws_apple || kdc_active_realm->realm_pws_enabled){
