From 8324a2af1dcd09dd574a2e155bd10458fcbdf8e2 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman
Date: Thu, 20 Jan 2022 09:27:59 -0500
Subject: [PATCH] lib/krb5: unparse_name_fixed error if invalid name buffer or length

If the output 'name' buffer is NULL or length is zero, there is no place to unparse the principal name to. Fail with EINVAL and if possible set an error message on the krb5_context. This avoids potential NULL pointer dereferences.

Change-Id: Ie38d284f1867be883a2f2e31103ea50cd130a0fe
---
 lib/krb5/principal.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/krb5/principal.c b/lib/krb5/principal.c
index ed44b33a1..c45863544 100644
--- a/lib/krb5/principal.c
+++ b/lib/krb5/principal.c
@@ -457,8 +457,14 @@ unparse_name_fixed(krb5_context context,
     int no_realm = (flags & KRB5_PRINCIPAL_UNPARSE_NO_REALM) != 0;
     int display = (flags & KRB5_PRINCIPAL_UNPARSE_DISPLAY) != 0;
 
-    if (name && len)
-        name[0] = '\0';
+    if (name == NULL || len == 0) {
+        krb5_set_error_message(context, EINVAL,
+                               N_("Invalid name buffer or length, "
+                                  "can't unparse", ""));
+        return EINVAL;
+    }
+
+    name[0] = '\0';
 
     if (!no_realm && princ_realm(principal) == NULL) {
         krb5_set_error_message(context, ERANGE,
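Review bot: The new EINVAL return at the top of unparse_name_fixed is not reflected in the documentation of the public entry points that wrap it (presumably krb5_unparse_name_fixed and its siblings, all outside this hunk), so a caller reading the API comment still has no way to know that a NULL `name` or `len == 0` is now rejected; add to the wrapper's return documentation `@return EINVAL if name is NULL or len is 0 (an error message is set on the context)`. This also turns a previously tolerated call into a hard error — before the hunk such a call fell through to the rest of the function — so it deserves a sentence in the commit description and in the library's release notes for anyone who passed an empty buffer deliberately. The added krb5_set_error_message() call runs before anything has validated `context`; the commit message's "if possible" suggests that function tolerates a NULL context, but that is worth confirming since this path is now reachable with whatever context the caller supplies. unparse_name_fixed's body starts and ends outside the hunk.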