From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Mon, 30 Oct 2023 02:09:28 +0000 (+1300)
Subject: s4:auth: Check that the PAC is not NULL before dereferencing it
X-Git-Tag: talloc-2.4.2~926
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=915b40521e660a4e685f45bbb4dd1bc7308492d1;p=thirdparty%2Fsamba.git

s4:auth: Check that the PAC is not NULL before dereferencing it

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
---

diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c
index 4f291d81064..c33dc2f9217 100644
--- a/source4/auth/kerberos/kerberos_pac.c
+++ b/source4/auth/kerberos/kerberos_pac.c
@@ -337,6 +337,11 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx,
 		return ENOMEM;
 	}
 
+	if (pac == NULL) {
+		talloc_free(tmp_ctx);
+		return EINVAL;
+	}
+
 	ret = krb5_pac_get_buffer(context, pac, PAC_TYPE_LOGON_INFO, &k5pac_logon_info_in);
 	if (ret != 0) {
 		talloc_free(tmp_ctx);