The branch main has been updated by cy: URL: https://cgit.FreeBSD.org/src/commit/?id=f6d5d31cd5d5b409851b3bf82c41a477a643a486
commit f6d5d31cd5d5b409851b3bf82c41a477a643a486 Author: Cy Schubert <[email protected]> AuthorDate: 2022-12-09 14:06:04 +0000 Commit: Cy Schubert <[email protected]> CommitDate: 2022-12-09 14:09:54 +0000 heimdal: kadm5_c_get_principal() should check return code kadm5_c_get_principal() should check the return code from kadm5_ret_principal_ent(). As it doesn't it assumes success when there is none and can lead to potential vulnerability. Fix this. Reported by: [email protected] MFC after: 3 days --- crypto/heimdal/lib/kadm5/get_c.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto/heimdal/lib/kadm5/get_c.c b/crypto/heimdal/lib/kadm5/get_c.c index 3c31a515b2f3..3cbfefdbf334 100644 --- a/crypto/heimdal/lib/kadm5/get_c.c +++ b/crypto/heimdal/lib/kadm5/get_c.c @@ -77,7 +77,7 @@ kadm5_c_get_principal(void *server_handle, ret = tmp; krb5_clear_error_message(context->context); if(ret == 0) - kadm5_ret_principal_ent(sp, out); + ret = kadm5_ret_principal_ent(sp, out); krb5_storage_free(sp); krb5_data_free (&reply); return ret;
