1 files changed, 15 insertions, 11 deletions

diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 39926a680c..5f0378b261 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -296,23 +296,22 @@ bool unwrap_edata_ntstatus(TALLOC_CTX *mem_ctx,
 		return false;
 	}
 
-	asn1_load(data, *edata);
-	asn1_start_tag(data, ASN1_SEQUENCE(0));
-	asn1_start_tag(data, ASN1_CONTEXT(1));
-	asn1_read_Integer(data, &edata_type);
+	if (!asn1_load(data, *edata)) goto err;
+	if (!asn1_start_tag(data, ASN1_SEQUENCE(0))) goto err;
+	if (!asn1_start_tag(data, ASN1_CONTEXT(1))) goto err;
+	if (!asn1_read_Integer(data, &edata_type)) goto err;
 
 	if (edata_type != KRB5_PADATA_PW_SALT) {
 		DEBUG(0,("edata is not of required type %d but of type %d\n",
 			KRB5_PADATA_PW_SALT, edata_type));
-		asn1_free(data);
-		return false;
+		goto err;
 	}
 
-	asn1_start_tag(data, ASN1_CONTEXT(2));
-	asn1_read_OctetString(data, talloc_tos(), &edata_contents);
-	asn1_end_tag(data);
-	asn1_end_tag(data);
-	asn1_end_tag(data);
+	if (!asn1_start_tag(data, ASN1_CONTEXT(2))) goto err;
+	if (!asn1_read_OctetString(data, talloc_tos(), &edata_contents)) goto err;
+	if (!asn1_end_tag(data)) goto err;
+	if (!asn1_end_tag(data)) goto err;
+	if (!asn1_end_tag(data)) goto err;
 	asn1_free(data);
 
 	*edata_out = data_blob_talloc(mem_ctx, edata_contents.data, edata_contents.length);
@@ -320,6 +319,11 @@ bool unwrap_edata_ntstatus(TALLOC_CTX *mem_ctx,
 	data_blob_free(&edata_contents);
 
 	return true;
+
+  err:
+
+	asn1_free(data);
+	return false;
 }