s4:kdc: Check return value of smb_krb5_principal_get_comp_string()
authorJoseph Sutton <josephsutton@catalyst.net.nz>
Thu, 24 Aug 2023 23:28:07 +0000 (11:28 +1200)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 14 Sep 2023 21:35:29 +0000 (21:35 +0000)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/kdc/db-glue.c

index b9cc1e4057ae02ea75520bdb1cf4cec6101202b0..53d84340d0be02d15bc0f18e4123a39f7e301e1c 100644 (file)
@@ -1205,15 +1205,23 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
         * these more restricted SPNs.
         */
        if (krb5_princ_size(context, principal) > 2) {
-               char *third_part
-                       = smb_krb5_principal_get_comp_string(tmp_ctx,
-                                                            context,
-                                                            principal,
-                                                            2);
-               bool is_our_realm =
-                        lpcfg_is_my_domain_or_realm(lp_ctx,
+               char *third_part = NULL;
+               bool is_our_realm;
+               bool is_dc;
+
+               third_part = smb_krb5_principal_get_comp_string(tmp_ctx,
+                                                               context,
+                                                               principal,
+                                                               2);
+               if (third_part == NULL) {
+                       ret = ENOMEM;
+                       krb5_set_error_message(context, ret, "smb_krb5_principal_get_comp_string: out of memory");
+                       goto out;
+               }
+
+               is_our_realm = lpcfg_is_my_domain_or_realm(lp_ctx,
                                                     third_part);
-               bool is_dc = userAccountControl &
+               is_dc = userAccountControl &
                        (UF_SERVER_TRUST_ACCOUNT | UF_PARTIAL_SECRETS_ACCOUNT);
                if (is_our_realm && !is_dc) {
                        entry->flags.server = 0;
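Review bot: The new `third_part == NULL` branch reports every failure of smb_krb5_principal_get_comp_string() as ENOMEM with the text "out of memory", but the helper's definition is not in this hunk, so it cannot be confirmed here that allocation failure is the only way it returns NULL. If it can also return NULL for a missing or empty component, the error would point an operator at memory pressure instead of at the principal being looked up; a neutral text such as `"smb_krb5_principal_get_comp_string: failed to get third component"` would cover both cases. A short comment above the check would record why the lookup must stop here, e.g. `/* Without the third component we cannot decide whether to clear flags.server, so fail the lookup. */`. samba_kdc_message2entry starts and ends outside the hunk, so the cleanup done at `out:` is not visible and is assumed to release tmp_ctx.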