Fix handling of invalid CAMMAC service verifier

author Jeffrey Arbuckle <jeffa.lans@gmail.com>

Sun, 22 Dec 2019 03:59:20 +0000 (22:59 -0500)

committer Greg Hudson <ghudson@mit.edu>

Tue, 7 Jan 2020 21:37:51 +0000 (16:37 -0500)
author Jeffrey Arbuckle <jeffa.lans@gmail.com>
Sun, 22 Dec 2019 03:59:20 +0000 (22:59 -0500)
committer Greg Hudson <ghudson@mit.edu>
Tue, 7 Jan 2020 21:37:51 +0000 (16:37 -0500)
diff --git a/src/lib/krb5/krb/authdata.c b/src/lib/krb5/krb/authdata.c

index 3685fcd916f72676c82ecf48cea0f2395ff3a101..7f28883be698debd2979eaceb7ede62464f745f4 100644 (file)
--- a/src/lib/krb5/krb/authdata.c
+++ b/src/lib/krb5/krb/authdata.c
@@ -557,6 +557,8 @@ extract_cammacs(krb5_context kcontext, krb5_authdata **cammacs,
          if (ret && ret != KRB5KRB_AP_ERR_BAD_INTEGRITY)
              goto cleanup;
          ret = 0;
+        if (elements == NULL)
+            continue;
  
          /* Add the verified elements to list and free the container array. */
          for (n_elements = 0; elements[n_elements] != NULL; n_elements++);
author	Jeffrey Arbuckle <jeffa.lans@gmail.com>
	Sun, 22 Dec 2019 03:59:20 +0000 (22:59 -0500)
committer	Greg Hudson <ghudson@mit.edu>
	Tue, 7 Jan 2020 21:37:51 +0000 (16:37 -0500)