From: Anastasia Belova <nabelova31@gmail.com>
Date: Mon, 2 Jun 2025 09:28:49 +0000 (+0300)
Subject: Fix pkinit_server_verify_padata() error handling
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1436%2Fhead;p=thirdparty%2Fkrb5.git

Fix pkinit_server_verify_padata() error handling

Avoid a null deference if pkinit_init_kdc_req_context() fails to
allocate reqctx.

[ghudson@mit.edu: fixed cleanup handler to work with reqctx == NULL
instead of avoiding the cleanup handler on allocation failure]
---

diff --git a/src/plugins/preauth/pkinit/pkinit_srv.c b/src/plugins/preauth/pkinit/pkinit_srv.c
index 7a0fa69ee2..13214d24ec 100644
--- a/src/plugins/preauth/pkinit/pkinit_srv.c
+++ b/src/plugins/preauth/pkinit/pkinit_srv.c
@@ -605,7 +605,7 @@ pkinit_server_verify_padata(krb5_context context,
     reqctx = NULL;
 
 cleanup:
-    if (retval && data->pa_type == KRB5_PADATA_PK_AS_REQ) {
+    if (retval && reqctx != NULL && data->pa_type == KRB5_PADATA_PK_AS_REQ) {
         pkiDebug("pkinit_verify_padata failed: creating e-data\n");
         if (pkinit_create_edata(context, plgctx->cryptoctx, reqctx->cryptoctx,
                                 plgctx->idctx, plgctx->opts, retval, &e_data))