From 8b70ee1ea8bfa84a35448148431ce54c1ac81bef Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud <flo@redhat.com>
Date: Tue, 26 Sep 2023 10:21:29 +0200
Subject: [PATCH] Covscan issues: deadcode and Use after free

Covscan detected an unused value in ipa_kdb_principals.c
and a use-after-free in ipa-print-pac.c.

Fixes: https://pagure.io/freeipa/issue/9431

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 daemons/ipa-kdb/ipa-print-pac.c      | 2 +-
 daemons/ipa-kdb/ipa_kdb_principals.c | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/daemons/ipa-kdb/ipa-print-pac.c b/daemons/ipa-kdb/ipa-print-pac.c
index ac3e4822e2f..e0d00d13173 100644
--- a/daemons/ipa-kdb/ipa-print-pac.c
+++ b/daemons/ipa-kdb/ipa-print-pac.c
@@ -494,7 +494,7 @@ init_with_password(const char *name, const char *password)
 
 done:
     if (service_creds != GSS_C_NO_CREDENTIAL)
-        gss_release_cred(&min, &client_creds);
+        gss_release_cred(&min, &service_creds);
 
     if (client_creds != GSS_C_NO_CREDENTIAL)
         gss_release_cred(&min, &client_creds);
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 4b568c1c454..139f091aa9f 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -1839,6 +1839,9 @@ krb5_error_code ipadb_get_principal(krb5_context kcontext,
             kerr = krb5_dbe_set_string(kcontext, *entry,
                                        KRB5_KDB_SK_PAC_PRIVSVR_ENCTYPE,
                                        "aes256-sha1");
+            if (kerr)
+                return kerr;
+
         }
 
         /* We should have been initialized at this point already */