git: f6d5d31cd5d5 - main - heimdal: kadm5_c_get_principal() should check return code
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 09 Dec 2022 14:11:08 UTC
The branch main has been updated by cy:
URL: https://cgit.FreeBSD.org/src/commit/?id=f6d5d31cd5d5b409851b3bf82c41a477a643a486
commit f6d5d31cd5d5b409851b3bf82c41a477a643a486
Author: Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-12-09 14:06:04 +0000
Commit: Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-12-09 14:09:54 +0000
heimdal: kadm5_c_get_principal() should check return code
kadm5_c_get_principal() should check the return code from
kadm5_ret_principal_ent(). As it doesn't it assumes success when
there is none and can lead to potential vulnerability. Fix this.
Reported by: rtm@csail.mit.edu
MFC after: 3 days
---
crypto/heimdal/lib/kadm5/get_c.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/heimdal/lib/kadm5/get_c.c b/crypto/heimdal/lib/kadm5/get_c.c
index 3c31a515b2f3..3cbfefdbf334 100644
--- a/crypto/heimdal/lib/kadm5/get_c.c
+++ b/crypto/heimdal/lib/kadm5/get_c.c
@@ -77,7 +77,7 @@ kadm5_c_get_principal(void *server_handle,
ret = tmp;
krb5_clear_error_message(context->context);
if(ret == 0)
- kadm5_ret_principal_ent(sp, out);
+ ret = kadm5_ret_principal_ent(sp, out);
krb5_storage_free(sp);
krb5_data_free (&reply);
return ret;