kdc: Don’t abort if krb5_generate_random_keyblock() fails

There are a few reasons that this function could fail (e.g., failure to allocate memory) besides random number generation being unavailable. No other caller abort()s on failure like this. Furthermore, krb5_generate_random_block(), which is called by krb5_generate_random_keyblock(), already aborts if random generation fails. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-27 13:11:40 +12:00
parent 43a4c01126
commit 043b0d02c1
1 changed files with 4 additions and 2 deletions
--- a/kdc/fast.c
+++ b/kdc/fast.c
@@ -799,8 +799,10 @@ _kdc_fast_strengthen_reply_key(astgs_request_t r)
 	ret = krb5_generate_random_keyblock(r->context, r->reply_key.keytype,
 					    &r->strengthen_key);
-	if (ret)
+	if (ret) {
-	    krb5_abortx(r->context, "random generator fail");
+	    kdc_log(r->context, r->config, 0, "failed to prepare random keyblock");
 	    return ret;
 	}
 	ret = _krb5_fast_cf2(r->context,
 			     &r->strengthen_key, "strengthenkey",