From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Thu, 16 Mar 2023 20:25:52 +0000 (+1300)
Subject: s4:kdc: Don't pass a NULL pointer into krb5_pac_add_buffer()
X-Git-Tag: samba-4.18.7~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f1b7a21a7f6e47377ab4f41a9741a87907438c01;p=thirdparty%2Fsamba.git

s4:kdc: Don't pass a NULL pointer into krb5_pac_add_buffer()

Heimdal contains an assertion that the data pointer is not NULL. We need
to pass in a pointer to some dummy data instead.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 47ef49fd91f050ce4a79a8471b3e66c808f48752)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15476
---

diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index f844b08d513..621999faa29 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -1793,6 +1793,9 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
 		DATA_BLOB type_blob = data_blob_null;
 		uint32_t type;
 
+		static char null_byte = '\0';
+		const krb5_data null_data = smb_krb5_make_data(&null_byte, 0);
+
 		if (forced_next_type != 0) {
 			/*
 			 * We need to inject possible missing types
@@ -1952,10 +1955,14 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
 			}
 		}
 
+		/*
+		 * Passing a NULL pointer into krb5_pac_add_buffer() is
+		 * not allowed, so pass null_data instead if needed.
+		 */
 		code = krb5_pac_add_buffer(context,
 					   new_pac,
 					   type,
-					   &type_data);
+					   (type_data.data != NULL) ? &type_data : &null_data);
 		smb_krb5_free_data_contents(context, &type_data);
 		if (code != 0) {
 			goto done;