authorMichael Saxl <mike@mwsys.mine.bz>2017-06-24 13:41:48 +0200
committerKarolin Seeger <kseeger@samba.org>2017-07-03 11:07:16 +0200
commita971f23c05e849d4930ce470b12c8f5ea3172390 (patch)
treee1902bf30529b1e72b2097b5f75b2c8a3972552d
parenteb587fb5a611876de0e01e187bb41c4375cde6cd (diff)
downloadsamba-a971f23c05e849d4930ce470b12c8f5ea3172390.tar.gz
s3:gse_krb5: fix a possible crash in fill_mem_keytab_from_system_keytab()
If the keytab file isn't readable, we may call krb5_kt_end_seq_get() with an invalid kt_cursor. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10490 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Saxl <mike@mwsys.mine.bz> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit a9780a2eaa9cba4ab87cc3371d97fa494fa0198c)
-rw-r--r--source3/librpc/crypto/gse_krb5.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c
index 703d1b4c925..4dd39eaf08d 100644
--- a/source3/librpc/crypto/gse_krb5.c
+++ b/source3/librpc/crypto/gse_krb5.c
@@ -437,6 +437,14 @@ static krb5_error_code fill_mem_keytab_from_system_keytab(krb5_context krbctx,
if (ret) {
DEBUG(1, (__location__ ": krb5_kt_start_seq_get failed (%s)\n",
error_message(ret)));
+ /*
+ * krb5_kt_start_seq_get() may leaves bogus data
+ * in kt_cursor. And we want to use the all_zero()
+ * logic below.
+ *
+ * See bug #10490
+ */
+ ZERO_STRUCT(kt_cursor);
goto out;
}
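Review bot: The added `ZERO_STRUCT(kt_cursor);` makes this failure path safe, but the cleanup still decides whether to call krb5_kt_end_seq_get() from the byte content of `kt_cursor` rather than from whether krb5_kt_start_seq_get() actually succeeded. The `out:` label and the all_zero() check lie outside the hunk, so this is inferred from the new comment. If so, a local flag such as `bool cursor_open = false;`, set only after a successful start and tested at `out:`, would state the invariant explicitly and would not depend on what the Kerberos library leaves in the cursor on error. The new comment also has a grammar slip and could name the consequence directly: `krb5_kt_start_seq_get() may leave bogus data in kt_cursor; zero it so the all_zero() check below skips krb5_kt_end_seq_get().` It is worth checking whether other krb5_kt_start_seq_get() callers in this file rely on the same convention, since only this one call site is visible.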