From: Ken Hornstein Date: Wed, 17 Mar 2021 21:44:46 +0000 (-0400) Subject: Fix multiple UPN handling in PKINIT client certs X-Git-Tag: krb5-1.20-beta1~100 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4e325cadee4f5511e494f0b4fd9faeb24e7b7c08;p=thirdparty%2Fkrb5.git Fix multiple UPN handling in PKINIT client certs Commit 0f26c1c7504777d6e7bfa1d3dee575c504ab6c05 neglected to increment the array index when storing UPN strings. Also remove the unused num_found variable. [ghudson@mit.edu: pulled from a larger commit; added removal of num_found; wrote commit message] ticket: 9000 (new)
---
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index fbbdab5108..2639104802 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -1964,7 +1964,7 @@ crypto_retrieve_X509_sans(krb5_context context,
 krb5_principal *princs = NULL;
 char **upns = NULL;
 unsigned char **dnss = NULL;
- unsigned int i, num_found = 0, num_sans = 0;
+ unsigned int i, num_sans = 0;
 X509_EXTENSION *ext = NULL;
 GENERAL_NAMES *ialt = NULL;
 GENERAL_NAME *gen = NULL;
@@ -2047,7 +2047,6 @@ crypto_retrieve_X509_sans(krb5_context context,
 __FUNCTION__);
 } else {
 p++;
- num_found++;
 }
 } else if (upns != NULL &&
 OBJ_cmp(plgctx->id_ms_san_upn,
@@ -2058,6 +2057,7 @@ crypto_retrieve_X509_sans(krb5_context context,
 upns[u] = k5memdup0(name.data, name.length, &ret);
 if (upns[u] == NULL)
 goto cleanup;
+ u++;
 } else {
 pkiDebug("%s: unrecognized othername oid in SAN\n",
 __FUNCTION__);
@@ -2079,7 +2079,6 @@ crypto_retrieve_X509_sans(krb5_context context,
 __FUNCTION__);
 } else {
 d++;
- num_found++;
 }
 }
 break;
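Review bot: In the third hunk, `upns[u] = k5memdup0(name.data, name.length, &ret);` stores the certificate's UPN bytes as a `char *` without checking for an embedded zero byte. If later code treats the entry as a C string (not visible here), the name would be matched only up to that byte. A guard before the copy, such as `if (memchr(name.data, '\0', name.length) != NULL)`, could skip the value with a pkiDebug message as the neighbouring branches do. Separately, now that `u` advances past 0, the allocation that sizes `upns` (outside this hunk) should be confirmed to hold one slot per UPN otherName plus the terminator. The cleanup path should likewise free every filled entry. The body of crypto_retrieve_X509_sans starts and ends outside the hunk.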