From: Greg Hudson Date: Tue, 18 Jul 2017 16:29:12 +0000 (-0400) Subject: Prevent null dereference with keyboard master key X-Git-Tag: krb5-1.15.2-final~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=615506789cc7299e4e7b859d163f680228f1b724;p=thirdparty%2Fkrb5.git Prevent null dereference with keyboard master key If krb5_db_fetch_mkey() prompts for a master key and needs to determine the kvno, check that the master entry contains any key data before dereferencing the first element. Reported by Joshua Schaeffer. (cherry picked from commit 29c504504f0c56c861d968ba2498590bf34714cd) ticket: 8600 version_fixed: 1.15.2 --- diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c index 4adf0fcbb2..690725765d 100644 --- a/src/lib/kdb/kdb5.c +++ b/src/lib/kdb/kdb5.c @@ -1220,11 +1220,12 @@ krb5_db_fetch_mkey(krb5_context context, krb5_principal mname, krb5_db_entry *master_entry; rc = krb5_db_get_principal(context, mname, 0, &master_entry); - if (rc == 0) { + if (rc == 0 && master_entry->n_key_data > 0) *kvno = (krb5_kvno) master_entry->key_data->key_data_kvno; - krb5_db_free_principal(context, master_entry); - } else + else *kvno = 1; + if (rc == 0) + krb5_db_free_principal(context, master_entry); } if (!salt)