From: Greg Hudson <ghudson@mit.edu>
Date: Sun, 27 Oct 2024 23:01:51 +0000 (-0400)
Subject: Fix krb5_ldap_list_policy() filtering loop
X-Git-Tag: krb5-1.22-beta1~57
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1384%2Fhead;p=thirdparty%2Fkrb5.git

Fix krb5_ldap_list_policy() filtering loop

The loop at the end of this function is intended to ignore ticket
policy DNs that can't be converted to names.  But it instead leaves a
hole in the output list if that happens, effectively truncating the
list and leaking any subsequent entries.  Use the correct index for
the output list.

ticket: 9148 (new)
---

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
index 01c9eebaeb..52f09497eb 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
@@ -382,7 +382,7 @@ krb5_ldap_list_policy(krb5_context context, char *containerdn, char ***policy)
 
     for (i = 0, j = 0; list[i] != NULL; i++, j++) {
         int ret;
-        ret = krb5_ldap_policydn_to_name (context, list[i], &(*policy)[i]);
+        ret = krb5_ldap_policydn_to_name (context, list[i], &(*policy)[j]);
         if (ret != 0)
             j--;
     }