From 5e270a89145b97b947b16f944b761ebb87488904 Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Thu, 4 Jul 2019 23:40:52 -0500 Subject: [PATCH] Fix missing error checking in lib/krb5/pkinit.c --- lib/krb5/pkinit.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/lib/krb5/pkinit.c b/lib/krb5/pkinit.c index 3079b81ed..a0d4b4aa1 100644 --- a/lib/krb5/pkinit.c +++ b/lib/krb5/pkinit.c @@ -719,7 +719,7 @@ pk_mk_padata(krb5_context context, free(buf.data); if (ret == 0) - krb5_padata_add(context, md, KRB5_PADATA_PK_AS_09_BINDING, NULL, 0); + ret = krb5_padata_add(context, md, KRB5_PADATA_PK_AS_09_BINDING, NULL, 0); out: free_ContentInfo(&content_info); @@ -2387,10 +2387,15 @@ krb5_get_init_creds_opt_set_pkinit(krb5_context context, opt->opt_private->pk_init_ctx->id->flags |= PKINIT_BTMM; if (opt->opt_private->pk_init_ctx->id->certs) { - _krb5_pk_set_user_id(context, - principal, - opt->opt_private->pk_init_ctx, - opt->opt_private->pk_init_ctx->id->certs); + ret = _krb5_pk_set_user_id(context, + principal, + opt->opt_private->pk_init_ctx, + opt->opt_private->pk_init_ctx->id->certs); + if (ret) { + free(opt->opt_private->pk_init_ctx); + opt->opt_private->pk_init_ctx = NULL; + return ret; + } } else opt->opt_private->pk_init_ctx->id->cert = NULL; @@ -2449,9 +2454,7 @@ krb5_get_init_creds_opt_set_pkinit_user_certs(krb5_context context, return EINVAL; } - _krb5_pk_set_user_id(context, NULL, opt->opt_private->pk_init_ctx, certs); - - return 0; + return _krb5_pk_set_user_id(context, NULL, opt->opt_private->pk_init_ctx, certs); #else krb5_set_error_message(context, EINVAL, N_("no support for PKINIT compiled in", ""));