From 3deefb0d147d71047a13ec2328b1b721da2ce256 Mon Sep 17 00:00:00 2001
From: Cy Schubert <cy@FreeBSD.org>
Date: Thu, 8 Dec 2022 15:22:43 -0800
Subject: [PATCH] heimdal: Properly ix bus fault when zero-length request
 received

Zero length client requests result in a bus fault when attempting to
free malloc()ed pointers within the requests softc. Return an error
when the request is zero length.

This properly fixes PR/268062 without regressions.

PR:		268062
Reported by:	Robert Morris <rtm@lcs.mit.edu>
MFC after:	3 days
---
 crypto/heimdal/kadmin/server.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/crypto/heimdal/kadmin/server.c b/crypto/heimdal/kadmin/server.c
index 19dfd89d521a..5e01277fe45b 100644
--- a/crypto/heimdal/kadmin/server.c
+++ b/crypto/heimdal/kadmin/server.c
@@ -473,6 +473,8 @@ v5_loop (krb5_context contextp,
 	ret = krb5_read_priv_message(contextp, ac, &fd, &in);
 	if(ret == HEIM_ERR_EOF)
 	    exit(0);
+	if (in.length == 0)
+	    ret = HEIM_ERR_OPNOTSUPP;
 	if(ret)
 	    krb5_err(contextp, 1, ret, "krb5_read_priv_message");
 	doing_useful_work = 1;