From e0aeef2bd35c88809528c47a9f26be5ca404e681 Mon Sep 17 00:00:00 2001
From: Taylor R Campbell <campbell+heimdal@mumble.net>
Date: Wed, 10 Jan 2024 01:23:56 +0000
Subject: [PATCH] krb5_sock_to_principal: Respect option [libdefaults]
 block_dns.

This fixes the one leaky part of:
https://github.com/heimdal/heimdal/issues/1214
---
 lib/krb5/sock_principal.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/krb5/sock_principal.c b/lib/krb5/sock_principal.c
index a43546de3..aedb0cf46 100644
--- a/lib/krb5/sock_principal.c
+++ b/lib/krb5/sock_principal.c
@@ -46,6 +46,14 @@ krb5_sock_to_principal (krb5_context context,
     socklen_t salen = sizeof(__ss);
     char hostname[NI_MAXHOST];
 
+    if (krb5_config_get_bool(context, NULL, "libdefaults", "block_dns",
+	    NULL)) {
+	ret = HEIM_EAI_FAIL;
+	krb5_set_error_message (context, ret,
+				"krb5_sock_to_principal: block_dns enabled");
+	return ret;
+    }
+
     if (getsockname (sock, sa, &salen) < 0) {
 	ret = errno;
 	krb5_set_error_message (context, ret, "getsockname: %s", strerror(ret));