From dd2ad50fbf9025049966676eeae5c12986d72ab6 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@twosigma.com>
Date: Wed, 19 Jan 2022 23:35:19 -0600
Subject: [PATCH] hdb: Make HDB-as-keytab get function match API

krb5_kt_get_entry() allows a NULL principal to be given ("match all").

The get method of the HDB-as-keytab keytab did not know this, and could
dereference a NULL as a result.
---
 lib/hdb/keytab.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/hdb/keytab.c b/lib/hdb/keytab.c
index ed6b222b5..b1aa0207c 100644
--- a/lib/hdb/keytab.c
+++ b/lib/hdb/keytab.c
@@ -190,6 +190,9 @@ hdb_get_entry(krb5_context context,
     HDB *db;
     size_t i;
 
+    if (!principal)
+        return KRB5_KT_NOTFOUND;
+
     memset(&ent, 0, sizeof(ent));
 
     if (dbname == NULL) {