kdc: validate sname in TGS-REQ

In tgs_build_reply(), validate the server name in the TGS-REQ is present before dereferencing.
2021-08-27 11:42:48 +10:00
parent a5378daa6c
commit 0417114794
1 changed files with 4 additions and 0 deletions
--- a/kdc/krb5tgs.c
+++ b/kdc/krb5tgs.c
@@ -1699,6 +1699,10 @@ tgs_build_reply(astgs_request_t priv,

 	s = &adtkt.cname;
 	r = adtkt.crealm;
+    } else if (s == NULL) {
+	ret = KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN;
+	_kdc_set_e_text(r, "No server in request");
+	goto out;
    }

    _krb5_principalname2krb5_principal(context, &sp, *s, r);