git: ed8706c340f6 - stable/13 - heimdal: kadm5_c_get_principal() should check return code
Date: Mon, 12 Dec 2022 14:40:56 UTC
The branch stable/13 has been updated by cy:
URL: https://cgit.FreeBSD.org/src/commit/?id=ed8706c340f63a98ad49ec3f0212c4ee36022095
commit ed8706c340f63a98ad49ec3f0212c4ee36022095
Author: Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-12-09 14:06:04 +0000
Commit: Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-12-12 14:40:37 +0000
heimdal: kadm5_c_get_principal() should check return code
kadm5_c_get_principal() should check the return code from
kadm5_ret_principal_ent(). As it doesn't, it assumes success when
there is none and can lead to a potential vulnerability. Fix this.
Reported by: rtm@csail.mit.edu
(cherry picked from commit f6d5d31cd5d5b409851b3bf82c41a477a643a486)
---
crypto/heimdal/lib/kadm5/get_c.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/heimdal/lib/kadm5/get_c.c b/crypto/heimdal/lib/kadm5/get_c.c
index 3c31a515b2f3..3cbfefdbf334 100644
--- a/crypto/heimdal/lib/kadm5/get_c.c
+++ b/crypto/heimdal/lib/kadm5/get_c.c
@@ -77,7 +77,7 @@ kadm5_c_get_principal(void *server_handle,
ret = tmp;
krb5_clear_error_message(context->context);
if(ret == 0)
- kadm5_ret_principal_ent(sp, out);
+ ret = kadm5_ret_principal_ent(sp, out);
krb5_storage_free(sp);
krb5_data_free (&reply);
return ret;
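Review bot: at the changed `ret = kadm5_ret_principal_ent(sp, out);` line, a decode failure is now reported to the caller, but `out` is still handed back in whatever state the decoder left it, and nothing between that call and `return ret;` clears or releases it. Please confirm that kadm5_ret_principal_ent() leaves `out` zeroed or fully released on error, or reset it on the failure path here, so a caller that ignores the return value or frees the entry unconditionally does not operate on a half-filled structure. A short comment stating that `out` is only valid when the function returns 0 would also help, as would a regression test that feeds a truncated reply and checks for a non-zero return.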