From e53d594d0586f4c82e304fb9c63445824499b289 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Wed, 11 Oct 2023 14:25:36 +1300
Subject: [PATCH] krb5: Check return value of RAND_bytes()

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
---
 lib/krb5/pkinit.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/krb5/pkinit.c b/lib/krb5/pkinit.c
index 2a0979b7e..557581a43 100644
--- a/lib/krb5/pkinit.c
+++ b/lib/krb5/pkinit.c
@@ -448,7 +448,9 @@ build_auth_pack(krb5_context context,
 		krb5_clear_error_message(context);
 		return ret;
 	    }
-	    RAND_bytes(a->clientDHNonce->data, a->clientDHNonce->length);
+	    ret = RAND_bytes(a->clientDHNonce->data, a->clientDHNonce->length);
+	    if (ret != 1)
+		return KRB5_CRYPTO_INTERNAL;
 	    ret = krb5_copy_data(context, a->clientDHNonce,
 				 &ctx->clientDHNonce);
 	    if (ret)