kpasswd: check krb5_unparse_name return

In verify() if krb5_unparse_name() fails 'sname' will be used unitialized in the subsequent krb5_warnx() and free() calls. Change-Id: I5a49bf06879eb5a77cf2d1d3f0d4b9c6549aeff8
2016-04-17 15:17:30 -05:00
parent 4ad2f5830a
commit 87d56ef018
1 changed files with 4 additions and 2 deletions
--- a/kpasswd/kpasswdd.c
+++ b/kpasswd/kpasswdd.c
@@ -530,8 +530,10 @@ verify (krb5_auth_context *auth_context,
    if (!same) {
 	char *sname;

-	krb5_unparse_name(context, (*ticket)->server, &sname);
-	krb5_warnx(context, "Invalid kpasswd service principal %s", sname);
+	if (krb5_unparse_name(context, (*ticket)->server, &sname) != 0)
+	    sname = NULL;
+	krb5_warnx(context, "Invalid kpasswd service principal %s",
+		   sname ? sname : "<enomem>");
 	free(sname);
 	reply_error(NULL, s, sa, sa_size, ret, 1, "Bad request");
 	goto out;