From: Matt Rogers <mrogers@redhat.com>
Date: Fri, 15 Apr 2016 21:27:36 +0000 (-0400)
Subject: Fix krb5_def_fetch_mkey_list() segfault
X-Git-Tag: krb5-1.15-beta1~219
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=83494605b2dd594ab33f9b3cfa5abc82cf0f9e92;p=thirdparty%2Fkrb5.git

Fix krb5_def_fetch_mkey_list() segfault

Return KRB5_KDB_NOMASTERKEY if K/M contains no key data, instead of
blindly dereferencing the first key data element.

ticket: 8395 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup
---

diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c
index 416f7d7d5e..ebda9d65ce 100644
--- a/src/lib/kdb/kdb_default.c
+++ b/src/lib/kdb/kdb_default.c
@@ -445,6 +445,11 @@ krb5_def_fetch_mkey_list(krb5_context        context,
     if (retval)
         return (retval);
 
+    if (master_entry->n_key_data == 0) {
+        retval = KRB5_KDB_NOMASTERKEY;
+        goto clean_n_exit;
+    }
+
     /*
      * Check if the input mkey is the latest key and if it isn't then find the
      * latest mkey.