From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Thu, 10 Aug 2023 04:35:52 +0000 (+1200)
Subject: s4:kdc: Consistently zero HDB structures
X-Git-Tag: tevent-0.16.0~993
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7e496d774cd7264cf79e95ddc8d9e0e7bf45cb4b;p=thirdparty%2Fsamba.git

s4:kdc: Consistently zero HDB structures

To these conversion functions we sometimes pass malloc-allocated HDB
structures, which we free afterwards if conversion fails. If parts of
these structures are still uninitialized when we try to free them, all
sorts of fun things can result.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/kdc/sdb_to_hdb.c b/source4/kdc/sdb_to_hdb.c
index be7a6d4b912..c5cc23fda70 100644
--- a/source4/kdc/sdb_to_hdb.c
+++ b/source4/kdc/sdb_to_hdb.c
@@ -75,6 +75,8 @@ static int sdb_salt_to_Salt(const struct sdb_salt *s, Salt *h)
 {
 	int ret;
 
+	ZERO_STRUCTP(h);
+
 	h->type = s->type;
 	ret = smb_krb5_copy_data_contents(&h->salt, s->salt.data, s->salt.length);
 	if (ret != 0) {
@@ -126,6 +128,8 @@ static int sdb_keys_to_Keys(const struct sdb_keys *s, Keys *h)
 {
 	int ret, i;
 
+	ZERO_STRUCTP(h);
+
 	h->len = s->len;
 	if (s->val != NULL) {
 		h->val = malloc(h->len * sizeof(Key));
@@ -177,6 +181,8 @@ static int sdb_event_to_Event(krb5_context context,
 {
 	int ret;
 
+	ZERO_STRUCTP(h);
+
 	if (s->principal != NULL) {
 		ret = krb5_copy_principal(context,
 					  s->principal,