The loop at the end of this function is intended to ignore ticket
policy DNs that can't be converted to names. But it instead leaves a
hole in the output list if that happens, effectively truncating the
list and leaking any subsequent entries. Use the correct index for
the output list.
ticket: 9148 (new)
for (i = 0, j = 0; list[i] != NULL; i++, j++) {
int ret;
- ret = krb5_ldap_policydn_to_name (context, list[i], &(*policy)[i]);
+ ret = krb5_ldap_policydn_to_name (context, list[i], &(*policy)[j]);
if (ret != 0)
j--;
}
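Review bot: The loop header still increments `j` unconditionally (`i++, j++`) and then undoes it with `j--` when `ret != 0`, which keeps the output index fragile in the same way that produced the original `[i]` mistake. Consider dropping `j++` from the header and advancing only on success, for example `if (ret == 0) j++;`, so the slot index only moves when an entry was actually written. Two things are not visible in this hunk and are worth confirming: that `(*policy)[j]` is NULL after the loop, so the list stays terminated when entries are skipped, and that a failed krb5_ldap_policydn_to_name call leaves nothing in `(*policy)[j]` that the next iteration would overwrite without freeing.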