krb5_get_cred_from_kdc fails to null terminate the tgt list
if the next tgt in a cross-realm traversal cannot be
obtained find_nxt_kdc() was calling krb5_free_creds()
on the last tgt in the list but was failing to nullify
the pointer to the cred that was just freed.
if there were no additional tgts obtained,
krb5_get_cred_from_kdc() would return a non-NULL terminated
cred list to the caller. This would result in a crash
when attempting to manipulate the non-existent cred past
the end of the list.
This commit nullifies the credential pointer in
find_nxt_kdc() after the call to krb5_free_creds()
ticket: new
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19195
dc483132-0cff-0310-8789-
dd5450dbe970
projects / krb5.git / commit