Fix krb5_def_fetch_mkey_list() segfault

Return KRB5_KDB_NOMASTERKEY if K/M contains no key data, instead of
blindly dereferencing the first key data element.

ticket: 8395 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup

diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
index 416f7d7d5ef3dbfe14ac7db997c4bc9296d72ce3..ebda9d65ce1a8cea6f5b6b494ba40f254edb13ec 100644 (file)
--- a/src/lib/kdb/kdb_default.c
+++ b/src/lib/kdb/kdb_default.c
@@ -445,6 +445,11 @@ krb5_def_fetch_mkey_list(krb5_context        context,
     if (retval)
         return (retval);
 
+    if (master_entry->n_key_data == 0) {
+        retval = KRB5_KDB_NOMASTERKEY;
+        goto clean_n_exit;
+    }
+
     /*
      * Check if the input mkey is the latest key and if it isn't then find the
      * latest mkey.