diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2022-12-09 14:06:04 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2022-12-09 14:09:54 +0000 |
| commit | f6d5d31cd5d5b409851b3bf82c41a477a643a486 (patch) | |
| tree | 00f147d25b5349e12b8bddd3fb7eb27575cb761d | |
| parent | 3deefb0d147d71047a13ec2328b1b721da2ce256 (diff) | |
| download | src-f6d5d31cd5d5b409851b3bf82c41a477a643a486.tar.gz src-f6d5d31cd5d5b409851b3bf82c41a477a643a486.zip | |
heimdal: kadm5_c_get_principal() should check return code
kadm5_c_get_principal() should check the return code from
kadm5_ret_principal_ent(). As it doesn't it assumes success when
there is none and can lead to potential vulnerability. Fix this.
Reported by: rtm@csail.mit.edu
MFC after: 3 days
| -rw-r--r-- | crypto/heimdal/lib/kadm5/get_c.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/heimdal/lib/kadm5/get_c.c b/crypto/heimdal/lib/kadm5/get_c.c index 3c31a515b2f3..3cbfefdbf334 100644 --- a/crypto/heimdal/lib/kadm5/get_c.c +++ b/crypto/heimdal/lib/kadm5/get_c.c @@ -77,7 +77,7 @@ kadm5_c_get_principal(void *server_handle, ret = tmp; krb5_clear_error_message(context->context); if(ret == 0) - kadm5_ret_principal_ent(sp, out); + ret = kadm5_ret_principal_ent(sp, out); krb5_storage_free(sp); krb5_data_free (&reply); return ret; |