krb5_sock_to_principal: Respect option [libdefaults] block_dns.

This fixes the one leaky part of: https://github.com/heimdal/heimdal/issues/1214
2024-01-10 01:23:56 +00:00
parent f051c36471
commit e0aeef2bd3
1 changed files with 8 additions and 0 deletions
--- a/lib/krb5/sock_principal.c
+++ b/lib/krb5/sock_principal.c
@@ -46,6 +46,14 @@ krb5_sock_to_principal (krb5_context context,
    socklen_t salen = sizeof(__ss);
    char hostname[NI_MAXHOST];

+    if (krb5_config_get_bool(context, NULL, "libdefaults", "block_dns",
+	    NULL)) {
+	ret = HEIM_EAI_FAIL;
+	krb5_set_error_message (context, ret,
+				"krb5_sock_to_principal: block_dns enabled");
+	return ret;
+    }
+
    if (getsockname (sock, sa, &salen) < 0) {
 	ret = errno;
 	krb5_set_error_message (context, ret, "getsockname: %s", strerror(ret));