From a3f4a0bf0b7cd7035498c8db7abac1e5767e80c4 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Sun, 23 Jan 2022 21:59:13 -0500
Subject: [PATCH] kdc: hprop check return code if local realm

If 'local_realm' is true, must protect against failure
of krb5_get_default_realm() and krb5_principal_set_realm().
Otherwise, the wrong realm might be used.

Change-Id: Ib7a92559da1ac062c71228c5530106a13d836d53
---
 kdc/hprop.c | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/kdc/hprop.c b/kdc/hprop.c
index da9af2ab0..cf6093c5a 100644
--- a/kdc/hprop.c
+++ b/kdc/hprop.c
@@ -316,9 +316,17 @@ propagate_database (krb5_context context, int type,
 
         if (local_realm) {
             krb5_realm my_realm;
-            krb5_get_default_realm(context,&my_realm);
-            krb5_principal_set_realm(context,server,my_realm);
-	    krb5_xfree(my_realm);
+            ret = krb5_get_default_realm(context,&my_realm);
+	    if (ret == 0) {
+		ret = krb5_principal_set_realm(context,server,my_realm);
+		krb5_xfree(my_realm);
+	    }
+	    if (ret) {
+		failed++;
+		krb5_warn(context, ret, "unable to obtain default or set realm");
+		close(fd);
+		continue;
+	    }
         }
 
 	auth_context = NULL;