[26849] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix apply_keysalt_policy bug
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Aug 15 15:33:58 2012
Date: Wed, 15 Aug 2012 15:33:56 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201208151933.q7FJXuaX008212@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/b52d0c793c82e9c74f03b1d2a5d251a1adc4626f
commit b52d0c793c82e9c74f03b1d2a5d251a1adc4626f
Author: Greg Hudson <ghudson@mit.edu>
Date: Wed Aug 15 15:12:12 2012 -0400
Fix apply_keysalt_policy bug
If apply_keysalt_policy is called with null result arguments (as from
kadm5_setkey_principal_3), we would dereference a null pointer if the
principal has no policy or no policy allowed_keysalts field, due to an
incorrect optimization. Reported by Nico.
ticket: 7223
src/lib/kadm5/srv/svr_principal.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index f405f55..5d85827 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -224,7 +224,7 @@ apply_keysalt_policy(kadm5_server_handle_t handle, const char *policy,
goto cleanup;
}
- if (polent.allowed_keysalts == NULL && new_n_kstp != NULL) {
+ if (polent.allowed_keysalts == NULL) {
/* Requested keysalts allowed or default to supported_enctypes. */
if (n_ks_tuple == 0) {
/* Default to supported_enctypes. */
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
