From 7ecd5b5f9df24d0c4f561fbe32b5bf2da3bf622d Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand <lha@h5l.org>
Date: Wed, 26 May 2010 11:45:17 -0500
Subject: [PATCH] Check NULL pointer before dereference them

Found by Russ Allbery
---
 kdc/krb5tgs.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c
index 53c0a589b..70138c789 100644
--- a/kdc/krb5tgs.c
+++ b/kdc/krb5tgs.c
@@ -447,7 +447,7 @@ check_tgs_flags(krb5_context context,
     }
 
     if(f.renewable){
-	if(!tgt->flags.renewable){
+	if(!tgt->flags.renewable || tgt->renew_till == NULL){
 	    kdc_log(context, config, 0,
 		    "Bad request for renewable ticket");
 	    return KRB5KDC_ERR_BADOPTION;
@@ -770,7 +770,9 @@ tgs_make_reply(krb5_context context,
 	et.endtime = *et.starttime + life;
     }
     if(f.renewable_ok && tgt->flags.renewable &&
-       et.renew_till == NULL && et.endtime < *b->till){
+       et.renew_till == NULL && et.endtime < *b->till &&
+       tgt->renew_till != NULL)
+    {
 	et.flags.renewable = 1;
 	ALLOC(et.renew_till);
 	*et.renew_till = *b->till;