From: Andreas Schneider <asn@samba.org>
Date: Mon, 7 Mar 2022 15:02:18 +0000 (+0100)
Subject: s4:kdc: Fix comparison in samba_kdc_check_s4u2proxy()
X-Git-Tag: tevent-0.12.0~434
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=27dd3d9fca094e19803bc0b934ff4c873138eb6a;p=thirdparty%2Fsamba.git

s4:kdc: Fix comparison in samba_kdc_check_s4u2proxy()

CID 1502873:  Control flow issues  (NO_EFFECT)
>>> This greater-than-or-equal-to-zero comparison of an unsigned value is always
true. "el->num_values >= 0U".

This is probably just a paranoia check as num_values should be set to at least
1 if the we have an LDAP entry.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
---

diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index ff1241f06b9..f79ff1b8c3c 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -2746,6 +2746,7 @@ samba_kdc_check_s4u2proxy(krb5_context context,
 		ret = ENOENT;
 		goto bad_option;
 	}
+	SMB_ASSERT(el->num_values != 0);
 
 	/*
 	 * This is the Microsoft forwardable flag behavior.
@@ -2753,7 +2754,7 @@ samba_kdc_check_s4u2proxy(krb5_context context,
 	 * If the proxy (target) principal is NULL, and we have any authorized
 	 * delegation target, allow to forward.
 	 */
-	if (el->num_values >= 0 && target_principal == NULL) {
+	if (target_principal == NULL) {
 		return 0;
 	}