Fix returning KDB_NOENTRY in find_alternate_tgs()

After searching for a cross-realm TGS entry to provide to a client as a
referral, if we're all set to return a success code but aren't actually
returning an entry, we should be returning an error.  We might not do so
because we don't compare the right value against NULL.

This corrects an error in a redundant check in the patch for
CVE-2013-1417.  The error in the check cannot occur in practice
because the other part of the patch for CVE-2013-1417 prevents it, but
static analyzers can flag the erroneous check.

[tlyu@mit.edu: edit commit message]

ticket: 7881 (new)
tags: pullup
target_version: 1.12.2

diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index ef1aeed87a81e5c6be3ab56f29907ebdf1b8c48a..49a6ea68c3f3b8ecd27452726271a3d1f26951b9 100644 (file)
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -1117,7 +1117,7 @@ find_alternate_tgs(kdc_realm_t *kdc_active_realm, krb5_principal princ,
         goto cleanup;
     }
 cleanup:
-    if (retval == 0 && server_ptr == NULL)
+    if (retval == 0 && *server_ptr == NULL)
         retval = KRB5_KDB_NOENTRY;
     if (retval != 0)
         *status = "UNKNOWN_SERVER";