From 5cb5b6d748fd903a4a6a2b68f5c8f65a3ad8c168 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Tue, 16 Nov 2021 12:53:06 +1300
Subject: [PATCH] kdc: Check return code

Assists Samba to address CVE-2020-25719

Samba BUG: https://bugzilla.samba.org/show_bug.cgi?id=14873

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

(cherry-picked from Samba commit a5db5c7fa2bdf5c651f77749b4e79c515d164e4f)
---
 kdc/krb5tgs.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c
index 16dae8f39..39d86064d 100644
--- a/kdc/krb5tgs.c
+++ b/kdc/krb5tgs.c
@@ -1455,7 +1455,10 @@ tgs_build_reply(astgs_request_t priv,
 	    ret = KRB5KDC_ERR_POLICY;
 	    goto out;
 	}
-	_krb5_principalname2krb5_principal(context, &p, t->sname, t->realm);
+	ret = _krb5_principalname2krb5_principal(context, &p, t->sname, t->realm);
+	if (ret)
+	    goto out;
+
 	ret = krb5_unparse_name(context, p, &tpn);
 	if (ret)
 		goto out;