heimdal: Resolve hdb_free_entry() SIGSEGV/SIGILL

When the client sends kadmind a create principal (kadm_create) request kadm_s_create_principal() returns an error before zeroing out ent (an hdb entry structure wrapper -- hdb_entry_ex), resulting in a NULL reference. Fix obtained from upstream commit 35ea4955a. PR: 268059 Reported by: Robert Morris <rtm@lcs.mit.edu> Obtained from: Heimdal commit 35ea4955a MFC after: 3 days
2023-02-07 07:46:59 -08:00 · 2023-02-07 07:46:59 -08:00 · 6a70e0b4cd
commit 6a70e0b4cd
parent 0dfaefa975
1 changed files with 1 additions and 1 deletions
--- a/crypto/heimdal/lib/kadm5/create_s.c
+++ b/crypto/heimdal/lib/kadm5/create_s.c
@ -65,6 +65,7 @@ create_principal(kadm5_server_context *context,
    kadm5_principal_ent_rec defrec, *defent;
    uint32_t def_mask;

+    memset(ent, 0, sizeof(*ent));
    if((mask & required_mask) != required_mask)
 	return KADM5_BAD_MASK;
    if((mask & forbidden_mask))
@ -72,7 +73,6 @@ create_principal(kadm5_server_context *context,
    if((mask & KADM5_POLICY) && strcmp(princ->policy, "default"))
 	/* XXX no real policies for now */
 	return KADM5_UNK_POLICY;
-    memset(ent, 0, sizeof(*ent));
    ret  = krb5_copy_principal(context->context, princ->principal,
 			       &ent->entry.principal);
    if(ret)