From: Greg Hudson
Date: Fri, 3 Jul 2015 23:34:46 +0000 (-0400)
Subject: Fix uncommon null dereference in PKINIT client
X-Git-Tag: krb5-1.14-alpha1~81
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F291%2Fhead;p=thirdparty%2Fkrb5.git

Fix uncommon null dereference in PKINIT client

crypto_retrieve_cert_sans() is allowed to set its princs output to NULL, although the OpenSSL implementation rarely does. Fix the TRACE_PKINIT_CLIENT_SAN_KDCCERT_PRINC for loop to allow this like other parts of the function do, and also get rid of the unnecessary princptr variable by using an integer index like other parts of the function. Based on a patch from Daniel Deptula.
ticket: 8214 (new)
target_version: 1.13.3
tags: pullup
---
diff --git a/src/plugins/preauth/pkinit/pkinit_clnt.c b/src/plugins/preauth/pkinit/pkinit_clnt.c
index 61dc1de1b5..e73ad53e99 100644
--- a/src/plugins/preauth/pkinit/pkinit_clnt.c
+++ b/src/plugins/preauth/pkinit/pkinit_clnt.c
@@ -466,7 +466,7 @@ verify_kdc_san(krb5_context context,
 {
 krb5_error_code retval;
 char **certhosts = NULL, **cfghosts = NULL, **hostptr;
- krb5_principal *princs = NULL, *princptr;
+ krb5_principal *princs = NULL;
 unsigned char ***get_dns;
 int i, j;
@@ -498,8 +498,8 @@ verify_kdc_san(krb5_context context,
 retval = KRB5KDC_ERR_KDC_NAME_MISMATCH;
 goto out;
 }
- for (princptr = princs; *princptr != NULL; princptr++)
- TRACE_PKINIT_CLIENT_SAN_KDCCERT_PRINC(context, *princptr);
+ for (i = 0; princs != NULL && princs[i] != NULL; i++)
+ TRACE_PKINIT_CLIENT_SAN_KDCCERT_PRINC(context, princs[i]);
 if (certhosts != NULL) {
 for (hostptr = certhosts; *hostptr != NULL; hostptr++)
 TRACE_PKINIT_CLIENT_SAN_KDCCERT_DNSNAME(context, *hostptr);
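Review bot: The reason for the `princs != NULL` test in the new trace loop of the second hunk is recorded only in the commit message, so a later cleanup could drop it as redundant and bring back the crash. I would add a comment directly above the loop, for example `/* crypto_retrieve_cert_sans() may leave princs NULL even on success. */`. The SAN list presumably comes from the certificate the KDC presents, so this output is shaped by the peer and the contract is worth stating in the code. The body of verify_kdc_san continues outside the hunk, so I have not checked that every later use of `princs` carries the same guard, although the commit message says the rest of the function already does.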