From 98f18cd98824acdf1045e74615f2db0219019f0b Mon Sep 17 00:00:00 2001
From: Cy Schubert <cy@FreeBSD.org>
Date: Mon, 16 Jun 2025 11:40:51 -0700
Subject: [PATCH] pam_ksu: Move the realm free to end of function

This avoids a use after free.

Noted by:	jhb
---
 lib/libpam/modules/pam_ksu/pam_ksu.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/libpam/modules/pam_ksu/pam_ksu.c b/lib/libpam/modules/pam_ksu/pam_ksu.c
index a6b3f043d3f..e50c3e38731 100644
--- a/lib/libpam/modules/pam_ksu/pam_ksu.c
+++ b/lib/libpam/modules/pam_ksu/pam_ksu.c
@@ -85,8 +85,6 @@ krb5_make_principal(krb5_context context, krb5_principal principal,
 		if ((rc = krb5_get_default_realm(context, &temp_realm)))
 			return (rc);
 		realm=temp_realm;
-		if (temp_realm)
-			free(temp_realm);
 	}
 	va_start(ap, realm);
 	/*
@@ -99,6 +97,8 @@ krb5_make_principal(krb5_context context, krb5_principal principal,
 	 */
 	rc = krb5_build_principal_va(context, principal, strlen(realm), realm, ap);
 	va_end(ap);
+	if (temp_realm)
+		free(temp_realm);
 	return (rc);
 }
 #endif