Fix a Fortuna PRNG failure case
author Greg Hudson <ghudson@mit.edu>
Mon, 3 Oct 2011 19:32:28 +0000 (19:32 +0000)
committer Greg Hudson <ghudson@mit.edu>
Mon, 3 Oct 2011 19:32:28 +0000 (19:32 +0000)
If we don't have entropy when krb5_c_random_make_octets is called,
unlock the mutex before returning an error.  From
kevin.wasserman@painless-security.com.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25295 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/crypto/krb/prng_fortuna.c

index f559df75eeb9ac832a1b6618aadb9dd4bdc286ee..e40d341ee997cffd2f513e6c7e09bff2c4ba9d17 100644 (file)
@@ -417,8 +417,10 @@ krb5_c_random_make_octets(krb5_context context, krb5_data *outdata)
     if (ret)
         return ret;
 
-    if (!have_entropy)
+    if (!have_entropy) {
+        k5_mutex_unlock(&fortuna_lock);
         return KRB5_CRYPTO_INTERNAL;
+    }
 
     if (pid != last_pid) {
         /* We forked; make sure child's PRNG stream differs from parent's. */
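Review bot: the `if (!have_entropy)` branch now has to remember to call `k5_mutex_unlock(&fortuna_lock)` by hand before returning, and any error return added later in this function would need the same care. Consider setting `ret = KRB5_CRYPTO_INTERNAL` and jumping to a single exit label that unlocks and returns, so the lock cannot be left held on a new error path. The lock acquisition is not visible in this hunk, so please confirm that the `if (ret) return ret;` just above tests the result of taking the lock; skipping the unlock there is correct only if the lock was not acquired. A regression test that calls krb5_c_random_make_octets before any entropy has been added, checks for KRB5_CRYPTO_INTERNAL, and then verifies the lock is free would cover this case.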