From 0a23b0cd9466e8a7c6fb82fce185be6e0834ce26 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Sun, 27 Oct 2024 19:01:51 -0400
Subject: [PATCH] Fix krb5_ldap_list_policy() filtering loop

The loop at the end of this function is intended to ignore ticket
policy DNs that can't be converted to names.  But it instead leaves a
hole in the output list if that happens, effectively truncating the
list and leaking any subsequent entries.  Use the correct index for
the output list.

ticket: 9148 (new)
---
 src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
index 01c9eebaeb..52f09497eb 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
@@ -382,7 +382,7 @@ krb5_ldap_list_policy(krb5_context context, char *containerdn, char ***policy)
 
     for (i = 0, j = 0; list[i] != NULL; i++, j++) {
         int ret;
-        ret = krb5_ldap_policydn_to_name (context, list[i], &(*policy)[i]);
+        ret = krb5_ldap_policydn_to_name (context, list[i], &(*policy)[j]);
         if (ret != 0)
             j--;
     }
-- 
2.47.2