From 90cbf4eb60d8ec3c083195ba4a050a31ea36be0b Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Thu, 20 Feb 2014 16:01:49 -0500 Subject: Fix returning KDB_NOENTRY in find_alternate_tgs() After searching for a cross-realm TGS entry to provide to a client as a referral, if we're all set to return a success code but aren't actually returning an entry, we should be returning an error. We might not do so because we don't compare the right value against NULL. This corrects an error in a redundant check in the patch for CVE-2013-1417. The error in the check cannot occur in practice because the other part of the patch for CVE-2013-1417 prevents it, but static analyzers can flag the erroneous check. [tlyu@mit.edu: edit commit message] ticket: 7881 (new) tags: pullup target_version: 1.12.2 --- src/kdc/do_tgs_req.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index ef1aeed87..49a6ea68c 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -1117,7 +1117,7 @@ find_alternate_tgs(kdc_realm_t *kdc_active_realm, krb5_principal princ, goto cleanup; } cleanup: - if (retval == 0 && server_ptr == NULL) + if (retval == 0 && *server_ptr == NULL) retval = KRB5_KDB_NOENTRY; if (retval != 0) *status = "UNKNOWN_SERVER"; -- cgit