From 45cce31e2596de2c9b6048674510572c248e2ec9 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy@redhat.com>
Date: Tue, 15 Jul 2025 10:52:01 +0300
Subject: [PATCH] kdb: prevent double crash in RBCD ACL free

acl_list was set to prev->tl_data_contents and its value is freed but
then is is freed again outside of the if(). Just reset acl_list pointer
as prev->tl_data_contents is removed unconditionally outside of the RBCD
ACL removal.

Related: https://pagure.io/freeipa/issue/9367

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
---
 daemons/ipa-kdb/ipa_kdb_principals.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 19998c2a38b5d8ae80aeedeb003f54241d2c2a9f..a7e77e940ab61b27407076a834f3804b0e69c122 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -2160,7 +2160,8 @@ void ipadb_free_principal(krb5_context kcontext, krb5_db_entry *entry)
                 for (i = 0; (acl_list != NULL) && (acl_list[i] != NULL); i++) {
                     free(acl_list[i]);
                 }
-                free(acl_list);
+                /* prev->tl_data_contents will be removed below */
+                acl_list = NULL;
             }
             free(prev->tl_data_contents);
             free(prev);
-- 
2.50.1