From 0452d8c601e599ba741b9560c4ac84fa7752e7fb Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Wed, 16 Jun 2021 12:09:19 +1000
Subject: [PATCH] krb5: check return value in krb5_get[_cache]_next()

krb5_get_next() and krb5_get_cache_next() do not check for krb5_kcm_call()
returning non-zero before accessing the repsonse data; they only handle the
case where the return value is KRB5_CC_END.

Return immediately if the return value of krb5_kcm_call() is not KRB5_CC_END or
0. This was fixed in the Apple code.
---
 lib/krb5/kcm.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/krb5/kcm.c b/lib/krb5/kcm.c
index 933b5fb01..760abf5c5 100644
--- a/lib/krb5/kcm.c
+++ b/lib/krb5/kcm.c
@@ -674,7 +674,8 @@ kcm_get_next (krb5_context context,
     krb5_storage_free(request);
     if (ret == KRB5_CC_END) {
 	goto again;
-    }
+    } else if (ret)
+	return ret;
 
     ret = krb5_ret_creds(response, creds);
     if (ret)
@@ -902,6 +903,8 @@ kcm_get_cache_next(krb5_context context, krb5_cc_cursor cursor, const krb5_cc_op
     krb5_storage_free(request);
     if (ret == KRB5_CC_END)
 	goto again;
+    else if (ret)
+	return ret;
 
     ret = krb5_ret_stringz(response, &name);
     krb5_storage_free(response);