service location plugin returning no addresses handled incorrectly

If a locate plugin (e.g., the Python sample plugin and script, when
given realm BOBO.MIT.EDU) returns no error but no addresses, the library
won't report an error, but will try to make contact, and eventually
crash with a null pointer dereference.

Fix: If a plugin returns a value other than PLUGIN_NO_HANDLE, including
success, continue into the code that checks for an empty address list.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19399 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index 059a5c1c00950cc736c75f240824b40bdfec0977..a59fc63b35a42f43e99a4a3ddc399f4ac3b0b734 100644 (file)
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -786,28 +786,28 @@ krb5int_locate_server (krb5_context context, const krb5_data *realm,
 
     code = module_locate_server(context, realm, &al, svc, socktype, family);
     Tprintf("module_locate_server returns %d\n", code);
-    if (code != KRB5_PLUGIN_NO_HANDLE) {
-       *addrlist = al;
-       return code;
-    }
-
-    /*
-     * We always try the local file before DNS
-     */
-
-    code = prof_locate_server(context, realm, &al, svc, socktype, family);
+    if (code == KRB5_PLUGIN_NO_HANDLE) {
+       /*
+        * We always try the local file before DNS.  Note that there
+        * is no way to indicate "service not available" via the
+        * config file.
+        */
 
-    /* We could put more heuristics here, like looking up a hostname
-       of "kerberos."+REALM, etc.  */
+       code = prof_locate_server(context, realm, &al, svc, socktype, family);
 
 #ifdef KRB5_DNS_LOOKUP
-    if (code) {
-       krb5_error_code code2;
-       code2 = dns_locate_server(context, realm, &al, svc, socktype, family);
-       if (code2 != KRB5_PLUGIN_NO_HANDLE)
-           code = code2;
-    }
+       if (code) {             /* Try DNS for all profile errors?  */
+           krb5_error_code code2;
+           code2 = dns_locate_server(context, realm, &al, svc, socktype,
+                                     family);
+           if (code2 != KRB5_PLUGIN_NO_HANDLE)
+               code = code2;
+       }
 #endif /* KRB5_DNS_LOOKUP */
+
+       /* We could put more heuristics here, like looking up a hostname
+          of "kerberos."+REALM, etc.  */
+    }
     if (code == 0)
        Tprintf ("krb5int_locate_server found %d addresses\n",
                 al.naddrs);