pull up r18976 from trunk
authorTom Yu <tlyu@mit.edu>
Thu, 21 Dec 2006 22:27:40 +0000 (22:27 +0000)
committerTom Yu <tlyu@mit.edu>
Thu, 21 Dec 2006 22:27:40 +0000 (22:27 +0000)
 r18976@cathode-dark-space:  tlyu | 2006-12-18 23:16:22 -0500
 ticket: new
 status: open
 target_version: 1.6
 subject: don't pass null pointer to krb5_do_preauth_tryagain()

  * src/lib/krb5/krb/get_in_tkt.c (krb5_get_init_creds): If
  the error isn't PREAUTH_NEEDED and preauth_to_use is null, return
  the error in err_reply, rather than attempting to pass a null
  pointer to krb5_do_preauth_tryagain().

ticket: 5123
version_fixed: 1.6

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19006 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/get_in_tkt.c

index c12bd5b4be15e1fef146d84c120e419bc7032be3..8470724ea4a1e0e4a9610d2897daa50e1315f623 100644 (file)
@@ -1114,26 +1114,33 @@ krb5_get_init_creds(krb5_context context,
                                       &get_data_rock)))
                goto cleanup;
        } else {
-           /* retrying after an error other than PREAUTH_NEEDED, using e-data
-            * to figure out what to change */
-           if (krb5_do_preauth_tryagain(context,
-                                        &request,
-                                        encoded_request_body,
-                                        encoded_previous_request,
-                                        preauth_to_use, &request.padata,
-                                        err_reply,
-                                        &salt, &s2kparams, &etype, &as_key,
-                                        prompter, prompter_data,
-                                        gak_fct, gak_data,
-                                        &get_data_rock)) {
-               /* couldn't come up with anything better */
-               ret = err_reply->error + ERROR_TABLE_BASE_krb5;
-               krb5_free_error(context, err_reply);
-               err_reply = NULL;
-               goto cleanup;
+           if (preauth_to_use != NULL) {
+               /*
+                * Retry after an error other than PREAUTH_NEEDED,
+                * using e-data to figure out what to change.
+                */
+               ret = krb5_do_preauth_tryagain(context,
+                                              &request,
+                                              encoded_request_body,
+                                              encoded_previous_request,
+                                              preauth_to_use, &request.padata,
+                                              err_reply,
+                                              &salt, &s2kparams, &etype,
+                                              &as_key,
+                                              prompter, prompter_data,
+                                              gak_fct, gak_data,
+                                              &get_data_rock);
+           } else {
+               /* No preauth supplied, so can't query the plug-ins. */
+               ret = KRB5KRB_ERR_GENERIC;
            }
            krb5_free_error(context, err_reply);
            err_reply = NULL;
+           if (ret) {
+               /* couldn't come up with anything better */
+               ret = err_reply->error + ERROR_TABLE_BASE_krb5;
+               goto cleanup;
+           }
        }
 
         if (encoded_previous_request != NULL) {