Fix OTP preauth crash with null prompter

In doprompt(), check if the caller provided a prompter before
dereferencing it.  Similar code returns either EIO or
KRB5_LIBOS_CANTREADPWD; use EIO for this case as OTP preauth prompts
for a PIN and not a Kerberos password.

[ghudson@mit.edu: edited commit message]

ticket: 9186 (new)

diff --git a/src/lib/krb5/krb/preauth_otp.c b/src/lib/krb5/krb/preauth_otp.c
index 07ffc15c22157d3f23e30224bc557fc981afe8e0..48003da62fedf1e7f6aa11b15c15742519a784a9 100644 (file)
--- a/src/lib/krb5/krb/preauth_otp.c
+++ b/src/lib/krb5/krb/preauth_otp.c
@@ -479,6 +479,9 @@ doprompt(krb5_context context, krb5_prompter_fct prompter, void *prompter_data,
     krb5_error_code retval;
     krb5_prompt_type prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
 
+    if (prompter == NULL)
+        return EIO;
+
     if (prompttxt == NULL || out == NULL)
         return EINVAL;