From c33f6b2c370379dfd010600adc59e7439f1318f7 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 24 Apr 2006 09:36:24 +0000
Subject: r15192: Update Samba4 to use current lorikeet-heimdal.

Andrew Bartlett
(This used to be commit f0e538126c5cb29ca14ad0d8281eaa0a715ed94f)
---
 source4/heimdal/lib/krb5/rd_req.c | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

(limited to 'source4/heimdal/lib/krb5/rd_req.c')

diff --git a/source4/heimdal/lib/krb5/rd_req.c b/source4/heimdal/lib/krb5/rd_req.c
index 313c14f6e6..0d4635b964 100644
--- a/source4/heimdal/lib/krb5/rd_req.c
+++ b/source4/heimdal/lib/krb5/rd_req.c
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: rd_req.c,v 1.61 2005/11/29 18:22:51 lha Exp $");
+RCSID("$Id: rd_req.c,v 1.63 2006/04/10 10:14:44 lha Exp $");
 
 static krb5_error_code
 decrypt_tkt_enc_part (krb5_context context,
@@ -279,8 +279,10 @@ krb5_verify_authenticator_checksum(krb5_context context,
 				      &authenticator);
     if(ret)
 	return ret;
-    if(authenticator->cksum == NULL)
+    if(authenticator->cksum == NULL) {
+	krb5_free_authenticator(context, &authenticator);
 	return -17;
+    }
     ret = krb5_auth_con_getkey(context, ac, &key);
     if(ret) {
 	krb5_free_authenticator(context, &authenticator);
@@ -340,6 +342,9 @@ krb5_verify_ap_req2(krb5_context context,
     krb5_error_code ret;
     EtypeList etypes;
     
+    if (ticket)
+	*ticket = NULL;
+
     if (auth_context && *auth_context) {
 	ac = *auth_context;
     } else {
@@ -348,13 +353,12 @@ krb5_verify_ap_req2(krb5_context context,
 	    return ret;
     }
 
-    t = malloc(sizeof(*t));
+    t = calloc(1, sizeof(*t));
     if (t == NULL) {
 	ret = ENOMEM;
 	krb5_clear_error_string (context);
 	goto out;
     }
-    memset(t, 0, sizeof(*t));
 
     if (ap_req->ap_options.use_session_key && ac->keyblock){
 	ret = krb5_decrypt_ticket(context, &ap_req->ticket, 
@@ -372,14 +376,17 @@ krb5_verify_ap_req2(krb5_context context,
     if(ret)
 	goto out;
 
-    _krb5_principalname2krb5_principal(&t->server, ap_req->ticket.sname, 
-				       ap_req->ticket.realm);
-    _krb5_principalname2krb5_principal(&t->client, t->ticket.cname, 
-				       t->ticket.crealm);
+    ret = _krb5_principalname2krb5_principal(&t->server, ap_req->ticket.sname, 
+					     ap_req->ticket.realm);
+    if (ret) goto out;
+    ret = _krb5_principalname2krb5_principal(&t->client, t->ticket.cname, 
+					     t->ticket.crealm);
+    if (ret) goto out;
 
     /* save key */
 
-    krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock);
+    ret = krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock);
+    if (ret) goto out;
 
     ret = decrypt_authenticator (context,
 				 &t->ticket.key,
-- 
cgit