git: f6d5d31cd5d5 - main - heimdal: kadm5_c_get_principal() should check return code

From: Cy Schubert <cy_at_FreeBSD.org>
Date: Fri, 09 Dec 2022 14:11:08 UTC
The branch main has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=f6d5d31cd5d5b409851b3bf82c41a477a643a486

commit f6d5d31cd5d5b409851b3bf82c41a477a643a486
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2022-12-09 14:06:04 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2022-12-09 14:09:54 +0000

    heimdal: kadm5_c_get_principal() should check return code
    
    kadm5_c_get_principal() should check the return code from
    kadm5_ret_principal_ent(). As it doesn't it assumes success when
    there is none and can lead to potential vulnerability. Fix this.
    
    Reported by:    rtm@csail.mit.edu
    MFC after:      3 days
---
 crypto/heimdal/lib/kadm5/get_c.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/heimdal/lib/kadm5/get_c.c b/crypto/heimdal/lib/kadm5/get_c.c
index 3c31a515b2f3..3cbfefdbf334 100644
--- a/crypto/heimdal/lib/kadm5/get_c.c
+++ b/crypto/heimdal/lib/kadm5/get_c.c
@@ -77,7 +77,7 @@ kadm5_c_get_principal(void *server_handle,
     ret = tmp;
     krb5_clear_error_message(context->context);
     if(ret == 0)
-	kadm5_ret_principal_ent(sp, out);
+	ret = kadm5_ret_principal_ent(sp, out);
     krb5_storage_free(sp);
     krb5_data_free (&reply);
     return ret;