Prevent null dereference with keyboard master key

If krb5_db_fetch_mkey() prompts for a master key and needs to
determine the kvno, check that the master entry contains any key data
before dereferencing the first element.  Reported by Joshua Schaeffer.

(cherry picked from commit 29c504504f0c56c861d968ba2498590bf34714cd)

ticket: 8600
version_fixed: 1.14.6

diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index b85af5a21a8b4f593998b9c1fafbfbcd8719aa47..3d5d9196c2a48b7d61227dac3b1a5f0784dcdb20 100644 (file)
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -1092,11 +1092,12 @@ krb5_db_fetch_mkey(krb5_context context, krb5_principal mname,
             krb5_db_entry *master_entry;
 
             rc = krb5_db_get_principal(context, mname, 0, &master_entry);
-            if (rc == 0) {
+            if (rc == 0 && master_entry->n_key_data > 0)
                 *kvno = (krb5_kvno) master_entry->key_data->key_data_kvno;
-                krb5_db_free_principal(context, master_entry);
-            } else
+            else
                 *kvno = 1;
+            if (rc == 0)
+                krb5_db_free_principal(context, master_entry);
         }
 
         if (!salt)