[libheimdal-kadm5-perl] 18/27: Guard against a NULL mod_name

Mon Dec 18 05:02:29 UTC 2017

This is an automated email from the git hooks/post-receive script.

rra pushed a commit to branch master
in repository libheimdal-kadm5-perl.

commit [33m1a9699fe3ee9f395e36fb3f4256fd0261c926728[m
Author: Russ Allbery <eagle at eyrie.org>
Date:   Mon Dec 18 03:55:48 2017

    Guard against a NULL mod_name
    
    * Guard against a NULL mod_name in getModName and return undef.  Thanks,
      Sergio Gelato.  (Closes: #670517)
---
 debian/changelog                                 |  2 ++
 debian/patches/guard-against-null-mod-name.patch | 28 ++++++++++++++++++++++++
 debian/patches/series                            |  1 +
 3 files changed, 31 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 39e5803..d38fcac 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,7 @@
 libheimdal-kadm5-perl (0.08-5) UNRELEASED; urgency=medium
 
+  * Guard against a NULL mod_name in getModName and return undef.  Thanks,
+    Sergio Gelato.  (Closes: #670517)
   * Convert to a proper 3.0 (quilt) package with managed patches.
   * Contribute the package to the Debian Perl Group.
     - Change Maintainer to the group.
diff --git a/debian/patches/guard-against-null-mod-name.patch b/debian/patches/guard-against-null-mod-name.patch
new file mode 100644
index 0000000..15bf83e
--- /dev/null
+++ b/debian/patches/guard-against-null-mod-name.patch
@@ -0,0 +1,28 @@
+Description: Guard against NULL pointer dereference in krb5_unparse_name
+Author: Sergio Gelato <Sergio.Gelato at astro.su.se>
+
+--- a/Kadm5.xs
++++ b/Kadm5.xs
+@@ -737,14 +737,19 @@
+        char *p;
+        krb5_error_code ret;
+        
+-       ret = krb5_unparse_name(spp->handle->context,spp->principal.mod_name,&p);
+-       if (ret)
++       if (spp->principal.mod_name) 
++       {
++         ret = krb5_unparse_name(spp->handle->context,spp->principal.mod_name,&p);
++         if (ret)
+ 	 {
+ 	   safefree(p);
+ 	   croak("[Heimdal::Kadm5] krb5_unparse_name failed: %s\n",
+ 		 krb5_get_err_text(spp->handle->context, ret));
+ 	 }
+-       RETVAL = newSVpv(p,0);
++	 RETVAL = newSVpv(p,0);
++       }
++       else
++	 RETVAL = &PL_sv_undef;
+      }
+      OUTPUT:
+      RETVAL
diff --git a/debian/patches/series b/debian/patches/series
index bbe36b7..468baa8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 fix-library-calls.patch
+guard-against-null-mod-name.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libheimdal-kadm5-perl.git

