From 043b0d02c1651b408556a85cfae48d242915c953 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Thu, 27 Apr 2023 13:11:40 +1200
Subject: [PATCH] =?UTF-8?q?kdc:=20Don=E2=80=99t=20abort=20if=20krb5=5Fgene?=
 =?UTF-8?q?rate=5Frandom=5Fkeyblock()=20fails?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

There are a few reasons that this function could fail (e.g., failure to
allocate memory) besides random number generation being unavailable. No
other caller abort()s on failure like this.

Furthermore, krb5_generate_random_block(), which is called by
krb5_generate_random_keyblock(), already aborts if random generation
fails.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
---
 kdc/fast.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/kdc/fast.c b/kdc/fast.c
index 6559357b3..a737bc1b8 100644
--- a/kdc/fast.c
+++ b/kdc/fast.c
@@ -799,8 +799,10 @@ _kdc_fast_strengthen_reply_key(astgs_request_t r)
 
 	ret = krb5_generate_random_keyblock(r->context, r->reply_key.keytype,
 					    &r->strengthen_key);
-	if (ret)
-	    krb5_abortx(r->context, "random generator fail");
+	if (ret) {
+	    kdc_log(r->context, r->config, 0, "failed to prepare random keyblock");
+	    return ret;
+	}
 
 	ret = _krb5_fast_cf2(r->context,
 			     &r->strengthen_key, "strengthenkey",