From f3715e62dab66f01010de47296b07917d2085d07 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Sep 25 2018 14:34:19 +0000
Subject: auth-krb5: Avoid memory leaks and unread assignments


---

diff --git a/openssh-7.7p1-gssapi-new-unique.patch b/openssh-7.7p1-gssapi-new-unique.patch
index 7acc58a..49c7e86 100644
--- a/openssh-7.7p1-gssapi-new-unique.patch
+++ b/openssh-7.7p1-gssapi-new-unique.patch
@@ -113,7 +113,7 @@ index a5a81ed2..63f877f2 100644
  	if (authctxt->krb5_user) {
  		krb5_free_principal(authctxt->krb5_ctx, authctxt->krb5_user);
  		authctxt->krb5_user = NULL;
-@@ -237,36 +287,186 @@ krb5_cleanup_proc(Authctxt *authctxt)
+@@ -237,36 +287,188 @@ krb5_cleanup_proc(Authctxt *authctxt)
  	}
  }
  
@@ -195,7 +195,7 @@ index a5a81ed2..63f877f2 100644
 +			continue;
 +		} else {
 +			p_o = strchr(p_n, '}') + 1;
-+			p_o = '\0';
++			*p_o = '\0';
 +			debug("%s: unsupported token %s in %s", __func__, p_n, template);
 +			/* unknown token, fallback to the default */
 +			goto cleanup;
@@ -307,6 +307,7 @@ index a5a81ed2..63f877f2 100644
 +	if (krb5_cc_support_switch(ctx, type)) {
 +		debug3("%s: calling cc_new_unique(%s)", __func__, ccname);
 +		ret = krb5_cc_new_unique(ctx, type, NULL, ccache);
++		free(type);
 +		if (ret)
 +			return ret;
 +
@@ -317,6 +318,7 @@ index a5a81ed2..63f877f2 100644
 +		 * it is already unique from above or the type does not support
 +		 * collections
 +		 */
++		free(type);
 +		debug3("%s: calling cc_resolve(%s)", __func__, ccname);
 +		return (krb5_cc_resolve(ctx, ccname, ccache));
 +	}