diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2006-01-02 21:56:29 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2006-01-02 21:56:29 +0000 |
| commit | cb7f8216584a63b77cd69f9cbb5e12658fbdd1b5 (patch) | |
| tree | 0f58408dd876b5c88202d922fa3cba2860cd186b | |
| parent | 5aa95b889234045fb7273b538b930f7d4fdebbe1 (diff) | |
| download | samba-cb7f8216584a63b77cd69f9cbb5e12658fbdd1b5.tar.gz samba-cb7f8216584a63b77cd69f9cbb5e12658fbdd1b5.tar.xz samba-cb7f8216584a63b77cd69f9cbb5e12658fbdd1b5.zip | |
r12681: Allow an entry to have no kerberos keys. This occours when an entry
is new, and has no password. It may also occour in the future if we
allow PKINIT. In any case, it shouldn't segfault :-)
Andrew Bartlett
| -rw-r--r-- | source/kdc/hdb-ldb.c | 40 |
1 files changed, 24 insertions, 16 deletions
diff --git a/source/kdc/hdb-ldb.c b/source/kdc/hdb-ldb.c index ceffad7ef73..7cb02b82242 100644 --- a/source/kdc/hdb-ldb.c +++ b/source/kdc/hdb-ldb.c @@ -384,24 +384,32 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, ldb_keys = ldb_msg_find_element(msg, "krb5Key"); - /* allocate space to decode into */ - entry_ex->entry.keys.val = calloc(ldb_keys->num_values, sizeof(Key)); - if (entry_ex->entry.keys.val == NULL) { - ret = ENOMEM; - goto out; - } - entry_ex->entry.keys.len = ldb_keys->num_values; - - /* Decode Kerberos keys into the hdb structure */ - for (i=0; i < entry_ex->entry.keys.len; i++) { - size_t decode_len; - ret = decode_Key(ldb_keys->values[i].data, ldb_keys->values[i].length, - &entry_ex->entry.keys.val[i], &decode_len); - if (ret) { - /* Could be bougus data in the entry, or out of memory */ + if (!ldb_keys) { + /* oh, no password. Apparently (comment in + * hdb-ldap.c) this violates the ASN.1, but this + * allows an entry with no keys (yet). */ + entry_ex->entry.keys.val = NULL; + entry_ex->entry.keys.len = 0; + } else { + /* allocate space to decode into */ + entry_ex->entry.keys.val = calloc(ldb_keys->num_values, sizeof(Key)); + if (entry_ex->entry.keys.val == NULL) { + ret = ENOMEM; goto out; } - } + entry_ex->entry.keys.len = ldb_keys->num_values; + + /* Decode Kerberos keys into the hdb structure */ + for (i=0; i < entry_ex->entry.keys.len; i++) { + size_t decode_len; + ret = decode_Key(ldb_keys->values[i].data, ldb_keys->values[i].length, + &entry_ex->entry.keys.val[i], &decode_len); + if (ret) { + /* Could be bougus data in the entry, or out of memory */ + goto out; + } + } + } entry_ex->entry.etypes = malloc(sizeof(*(entry_ex->entry.etypes))); if (entry_ex->entry.etypes == NULL) { |