From: Tom Yu <tlyu@mit.edu>
Date: Tue, 19 Dec 2006 04:16:22 +0000 (+0000)
Subject: don't pass null pointer to krb5_do_preauth_tryagain()
X-Git-Tag: krb5-1.7-alpha1~1391
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=cae1f6d47f72fb97957dd7f8e452f0b850769a94;p=krb5.git

don't pass null pointer to krb5_do_preauth_tryagain()

	* src/lib/krb5/krb/get_in_tkt.c (krb5_get_init_creds): If
	the error isn't PREAUTH_NEEDED and preauth_to_use is null, return
	the error in err_reply, rather than attempting to pass a null
	pointer to krb5_do_preauth_tryagain().

ticket: new
status: open
target_version: 1.6

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18976 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index c12bd5b4b..8470724ea 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -1114,26 +1114,33 @@ krb5_get_init_creds(krb5_context context,
 				       &get_data_rock)))
 	        goto cleanup;
 	} else {
-	    /* retrying after an error other than PREAUTH_NEEDED, using e-data
-	     * to figure out what to change */
-	    if (krb5_do_preauth_tryagain(context,
-					 &request,
-					 encoded_request_body,
-					 encoded_previous_request,
-					 preauth_to_use, &request.padata,
-					 err_reply,
-					 &salt, &s2kparams, &etype, &as_key,
-					 prompter, prompter_data,
-					 gak_fct, gak_data,
-					 &get_data_rock)) {
-		/* couldn't come up with anything better */
-	        ret = err_reply->error + ERROR_TABLE_BASE_krb5;
-	        krb5_free_error(context, err_reply);
-	        err_reply = NULL;
-		goto cleanup;
+	    if (preauth_to_use != NULL) {
+		/*
+		 * Retry after an error other than PREAUTH_NEEDED,
+		 * using e-data to figure out what to change.
+		 */
+		ret = krb5_do_preauth_tryagain(context,
+					       &request,
+					       encoded_request_body,
+					       encoded_previous_request,
+					       preauth_to_use, &request.padata,
+					       err_reply,
+					       &salt, &s2kparams, &etype,
+					       &as_key,
+					       prompter, prompter_data,
+					       gak_fct, gak_data,
+					       &get_data_rock);
+	    } else {
+		/* No preauth supplied, so can't query the plug-ins. */
+		ret = KRB5KRB_ERR_GENERIC;
 	    }
 	    krb5_free_error(context, err_reply);
 	    err_reply = NULL;
+	    if (ret) {
+		/* couldn't come up with anything better */
+		ret = err_reply->error + ERROR_TABLE_BASE_krb5;
+		goto cleanup;
+	    }
 	}
 
         if (encoded_previous_request != NULL) {