From 87d56ef018c8fbd72fa3ae6360900ab9a959dbcf Mon Sep 17 00:00:00 2001
From: Jeffrey Altman
Date: Sun, 17 Apr 2016 15:17:30 -0500
Subject: [PATCH] kpasswd: check krb5_unparse_name return
In verify() if krb5_unparse_name() fails 'sname' will be used unitialized in the subsequent krb5_warnx() and free() calls.
Change-Id: I5a49bf06879eb5a77cf2d1d3f0d4b9c6549aeff8
---
 kpasswd/kpasswdd.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/kpasswd/kpasswdd.c b/kpasswd/kpasswdd.c
index 6459f5e44..dd60eea07 100644
--- a/kpasswd/kpasswdd.c
+++ b/kpasswd/kpasswdd.c
@@ -530,8 +530,10 @@ verify (krb5_auth_context *auth_context,
 if (!same) {
 char *sname;
- krb5_unparse_name(context, (*ticket)->server, &sname);
- krb5_warnx(context, "Invalid kpasswd service principal %s", sname);
+ if (krb5_unparse_name(context, (*ticket)->server, &sname) != 0)
+ sname = NULL;
+ krb5_warnx(context, "Invalid kpasswd service principal %s",
+ sname ? sname : "");
 free(sname);
 reply_error(NULL, s, sa, sa_size, ret, 1, "Bad request");
 goto out;
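Review bot: On the failure path the warning is logged with an empty principal (`sname ? sname : ""`), so someone reading the log cannot tell an unparse failure from a server name that rendered as empty; a visible placeholder such as `sname ? sname : "<unparse failed>"` keeps the entry useful for triage. The declaration is also still `char *sname;`, so the fix depends entirely on the `sname = NULL;` branch; writing `char *sname = NULL;` keeps the later `free(sname)` safe if this block is edited again. The return code of krb5_unparse_name() is rightly not stored in `ret`, which the following reply_error() call still passes on. verify() begins and ends outside this hunk.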