From 30589b2a1636de9f9b68591f0e546cb0fa21989f Mon Sep 17 00:00:00 2001
From: Tom Yu <tlyu@mit.edu>
Date: Tue, 31 Dec 2013 19:41:12 -0500
Subject: Fix possible null deref in previous

My rework of the do_tgs_req.c patch introduced a null deref if
decode_krb5_tgs_req() failed.

ticket: 7802
---
 src/kdc/do_tgs_req.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 5cfe0b64b1..6bc4f15c0e 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -145,11 +145,12 @@ process_tgs_req(struct server_handle *handle, krb5_data *pkt,
     session_key.contents = NULL;
 
     retval = decode_krb5_tgs_req(pkt, &request);
-    /* Save pointer to client-requested service principal, in case of errors
-     * before a successful call to search_sprinc(). */
-    sprinc = request->server;
     if (retval)
         return retval;
+    /* Save pointer to client-requested service principal, in case of
+     * errors before a successful call to search_sprinc(). */
+    sprinc = request->server;
+
     if (request->msg_type != KRB5_TGS_REQ) {
         krb5_free_kdc_req(handle->kdc_err_context, request);
         return KRB5_BADMSGTYPE;
-- 
cgit