CVE-2018-16853: Do not segfault if client is not set

This can be triggered with FAST but we don't support this yet.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

1 files changed, 16 insertions, 0 deletions

diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c
index 81ac73582e0..fc80329f221 100644
--- a/source4/kdc/mit-kdb/kdb_samba_policies.c
+++ b/source4/kdc/mit-kdb/kdb_samba_policies.c
@@ -461,6 +461,14 @@ void kdb_samba_db_audit_as_req(krb5_context context,
 			       krb5_timestamp authtime,
 			       krb5_error_code error_code)
 {
+	/*
+	 * FIXME: This segfaulted with a FAST test
+	 * FIND_FAST: <unknown client> for <unknown server>, Unknown FAST armor type 0
+	 */
+	if (client == NULL) {
+		return;
+	}
+
 	samba_bad_password_count(client, error_code);
 
 	/* TODO: perform proper audit logging for addresses */
@@ -473,6 +481,14 @@ void kdb_samba_db_audit_as_req(krb5_context context,
 			       krb5_timestamp authtime,
 			       krb5_error_code error_code)
 {
+	/*
+	 * FIXME: This segfaulted with a FAST test
+	 * FIND_FAST: <unknown client> for <unknown server>, Unknown FAST armor type 0
+	 */
+	if (client == NULL) {
+		return;
+	}
+
 	samba_bad_password_count(client, error_code);
 }
 #endif