diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2006-01-02 21:56:29 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:49:37 -0500 |
| commit | 2d9bd9b3a5b8cd76835e120dcf4442c072f95eda (patch) | |
| tree | 8dcc09010590045357cc5c09b66469e90a03db9e /source4/kdc/hdb-ldb.c | |
| parent | e25e37e0b6a9098065b5fe905f45e43e7560a58e (diff) | |
| download | samba-2d9bd9b3a5b8cd76835e120dcf4442c072f95eda.tar.gz samba-2d9bd9b3a5b8cd76835e120dcf4442c072f95eda.tar.bz2 samba-2d9bd9b3a5b8cd76835e120dcf4442c072f95eda.zip | |
r12681: Allow an entry to have no kerberos keys. This occours when an entry
is new, and has no password. It may also occour in the future if we
allow PKINIT. In any case, it shouldn't segfault :-)
Andrew Bartlett
(This used to be commit 686fea241b7a8ca286099eadfa2ed177367dafdc)
Diffstat (limited to 'source4/kdc/hdb-ldb.c')
| -rw-r--r-- | source4/kdc/hdb-ldb.c | 40 |
1 files changed, 24 insertions, 16 deletions
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c index ceffad7ef7..7cb02b8224 100644 --- a/source4/kdc/hdb-ldb.c +++ b/source4/kdc/hdb-ldb.c @@ -384,24 +384,32 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, ldb_keys = ldb_msg_find_element(msg, "krb5Key"); - /* allocate space to decode into */ - entry_ex->entry.keys.val = calloc(ldb_keys->num_values, sizeof(Key)); - if (entry_ex->entry.keys.val == NULL) { - ret = ENOMEM; - goto out; - } - entry_ex->entry.keys.len = ldb_keys->num_values; - - /* Decode Kerberos keys into the hdb structure */ - for (i=0; i < entry_ex->entry.keys.len; i++) { - size_t decode_len; - ret = decode_Key(ldb_keys->values[i].data, ldb_keys->values[i].length, - &entry_ex->entry.keys.val[i], &decode_len); - if (ret) { - /* Could be bougus data in the entry, or out of memory */ + if (!ldb_keys) { + /* oh, no password. Apparently (comment in + * hdb-ldap.c) this violates the ASN.1, but this + * allows an entry with no keys (yet). */ + entry_ex->entry.keys.val = NULL; + entry_ex->entry.keys.len = 0; + } else { + /* allocate space to decode into */ + entry_ex->entry.keys.val = calloc(ldb_keys->num_values, sizeof(Key)); + if (entry_ex->entry.keys.val == NULL) { + ret = ENOMEM; goto out; } - } + entry_ex->entry.keys.len = ldb_keys->num_values; + + /* Decode Kerberos keys into the hdb structure */ + for (i=0; i < entry_ex->entry.keys.len; i++) { + size_t decode_len; + ret = decode_Key(ldb_keys->values[i].data, ldb_keys->values[i].length, + &entry_ex->entry.keys.val[i], &decode_len); + if (ret) { + /* Could be bougus data in the entry, or out of memory */ + goto out; + } + } + } entry_ex->entry.etypes = malloc(sizeof(*(entry_ex->entry.etypes))); if (entry_ex->entry.etypes == NULL) { |