The branch stable/12 has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=30584910c39f1a63ea594fe5c3a82cdf5d9ee40e
commit 30584910c39f1a63ea594fe5c3a82cdf5d9ee40e Author: Cy Schubert <[email protected]> AuthorDate: 2022-12-09 14:06:04 +0000 Commit: Cy Schubert <[email protected]> CommitDate: 2022-12-12 14:41:21 +0000 heimdal: kadm5_c_get_principal() should check return code kadm5_c_get_principal() should check the return code from kadm5_ret_principal_ent(). As it doesn't it assumes success when there is none and can lead to potential vulnerability. Fix this. Reported by: [email protected] (cherry picked from commit f6d5d31cd5d5b409851b3bf82c41a477a643a486) --- crypto/heimdal/lib/kadm5/get_c.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/heimdal/lib/kadm5/get_c.c b/crypto/heimdal/lib/kadm5/get_c.c index 3c31a515b2f3..3cbfefdbf334 100644 --- a/crypto/heimdal/lib/kadm5/get_c.c +++ b/crypto/heimdal/lib/kadm5/get_c.c @@ -77,7 +77,7 @@ kadm5_c_get_principal(void *server_handle, ret = tmp; krb5_clear_error_message(context->context); if(ret == 0) - kadm5_ret_principal_ent(sp, out); + ret = kadm5_ret_principal_ent(sp, out); krb5_storage_free(sp); krb5_data_free (&reply); return ret;
