Fix apply_keysalt_policy bug

If apply_keysalt_policy is called with null result arguments (as from kadm5_setkey_principal_3), we would dereference a null pointer if the principal has no policy or no policy allowed_keysalts field, due to an incorrect optimization. Reported by Nico. ticket: 7223
krb5 · Aug 15, 2012 · b52d0c7 · b52d0c7
1 parent 4f6f91b
commit b52d0c7
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
@@ -224,7 +224,7 @@ apply_keysalt_policy(kadm5_server_handle_t handle, const char *policy,
             goto cleanup;
     }
 
-    if (polent.allowed_keysalts == NULL && new_n_kstp != NULL) {
+    if (polent.allowed_keysalts == NULL) {
         /* Requested keysalts allowed or default to supported_enctypes. */
         if (n_ks_tuple == 0) {
             /* Default to supported_enctypes. */