kdc: hprop check return code if local realm

If 'local_realm' is true, must protect against failure of krb5_get_default_realm() and krb5_principal_set_realm(). Otherwise, the wrong realm might be used. Change-Id: Ib7a92559da1ac062c71228c5530106a13d836d53
2022-01-23 21:59:13 -05:00
parent 0a17a0b3b7
commit a3f4a0bf0b
1 changed files with 11 additions and 3 deletions
--- a/kdc/hprop.c
+++ b/kdc/hprop.c
@@ -316,9 +316,17 @@ propagate_database (krb5_context context, int type,

        if (local_realm) {
            krb5_realm my_realm;
-            krb5_get_default_realm(context,&my_realm);
-            krb5_principal_set_realm(context,server,my_realm);
-	    krb5_xfree(my_realm);
+            ret = krb5_get_default_realm(context,&my_realm);
+	    if (ret == 0) {
+		ret = krb5_principal_set_realm(context,server,my_realm);
+		krb5_xfree(my_realm);
+	    }
+	    if (ret) {
+		failed++;
+		krb5_warn(context, ret, "unable to obtain default or set realm");
+		close(fd);
+		continue;
+	    }
        }

 	auth_context = NULL;