From 444314b0e04e65f80245a0da591e2730aca369e8 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai
Date: Dec 18 2013 21:13:36 +0000
Subject: Avoid crashing due to a specific misconfiguration - backport fix to avoid double-freeing in the client when we're configured to use a clpreauth module that isn't actually a clpreauth module (#1035203)
---
diff --git a/krb5-1.11-preauthcore.patch b/krb5-1.11-preauthcore.patch
new file mode 100644
index 0000000..27c6692
--- /dev/null
+++ b/krb5-1.11-preauthcore.patch
@@ -0,0 +1,12 @@
+Backport a small fix from 1.12 (#1035203).
+
+--- src/lib/krb5/krb/preauth2.c
++++ src/lib/krb5/krb/preauth2.c
+@@ -1002,6 +1002,7 @@ krb5_do_preauth(krb5_context context, kr
+ krb5_init_preauth_context(context);
+ if (context->preauth_context == NULL) {
+ *out_padata = out_pa_list;
++ out_pa_list = NULL;
+ goto error;
+ }
+
diff --git a/krb5.spec b/krb5.spec
index c4a4859..e5778c1 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -41,7 +41,7 @@ Summary: The Kerberos network authentication system
 Name: krb5
 Version: 1.11.3
-Release: 35%{?dist}
+Release: 36%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.3-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -117,6 +117,7 @@ Patch144: krb5-master-no-malloc0.patch
 Patch145: krb5-master-ignore-empty-unnecessary-final-token.patch
 Patch146: krb5-master-gss_oid_leak.patch
 Patch147: krb5-master-keytab_close.patch
+Patch148: krb5-1.11-preauthcore.patch
 # Patches for otp plugin backport
 Patch201: krb5-1.11.2-keycheck.patch
@@ -374,6 +375,7 @@ ln -s NOTICE LICENSE
 %patch145 -p1 -b .ignore-empty-unnecessary-final-token
 %patch146 -p1 -b .gss_oid_leak
 %patch147 -p1 -b .keytab_close
+%patch148 -p0 -b .preauthcore
 %patch201 -p1 -b .keycheck
 %patch202 -p1 -b .otp 
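Review bot: The ownership hand-off behind `out_pa_list = NULL;` in the `context->preauth_context == NULL` branch of krb5_do_preauth is not explained anywhere in the new krb5-1.11-preauthcore.patch, whose header only says "a small fix". Since this is a memory-safety fix, I would expand that header to something like `Clear out_pa_list after handing it to *out_padata so the error path does not free it a second time; backport of upstream commit <upstream-commit-id>`. The `error:` label and its cleanup lie outside the hunk, so that it frees out_pa_list is inferred from the commit message rather than visible here. It is also worth confirming that every caller releases *out_padata when this function fails, otherwise the double free becomes a leak on the same path.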
@@ -1026,6 +1028,10 @@ exit 0
 %{_sbindir}/uuserver
 %changelog
+* Wed Dec 18 2013 Nalin Dahyabhai - 1.11.3-36
+- backport fix to avoid double-freeing in the client when we're configured
+ to use a clpreauth module that isn't actually a clpreauth module (#1035203)
+
 * Wed Dec 18 2013 Nalin Dahyabhai - 1.11.3-35
 - pull in fix from master to return a NULL pointer rather than allocating zero bytes of memory if we read a zero-length input token (RT#7794, part of