From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 15 Aug 2012 19:12:12 +0000 (-0400)
Subject: Fix apply_keysalt_policy bug
X-Git-Tag: krb5-1.11-alpha1~319
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b52d0c793c82e9c74f03b1d2a5d251a1adc4626f;p=thirdparty%2Fkrb5.git

Fix apply_keysalt_policy bug

If apply_keysalt_policy is called with null result arguments (as from
kadm5_setkey_principal_3), we would dereference a null pointer if the
principal has no policy or no policy allowed_keysalts field, due to an
incorrect optimization.  Reported by Nico.

ticket: 7223
---

diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index f405f55ca9..5d858279d3 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -224,7 +224,7 @@ apply_keysalt_policy(kadm5_server_handle_t handle, const char *policy,
             goto cleanup;
     }
 
-    if (polent.allowed_keysalts == NULL && new_n_kstp != NULL) {
+    if (polent.allowed_keysalts == NULL) {
         /* Requested keysalts allowed or default to supported_enctypes. */
         if (n_ks_tuple == 0) {
             /* Default to supported_enctypes. */