ldap_child: make sure invalid krb5 context is not used

Resolves: #7715 Reviewed-by: Alejandro López <[email protected]> Reviewed-by: Alexey Tikhonov <[email protected]> (cherry picked from commit fce94ae)
SSSD · Nov 22, 2024 · 3e7e0cc · 3e7e0cc
1 parent aa81ab0
commit 3e7e0cc
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
@@ -83,6 +83,10 @@ const char *sss_printable_keytab_name(krb5_context ctx, const char *keytab_name)
         return keytab_name;
     }
 
+    if (ctx == NULL) {
+        return "-unknown-";
+    }
+
     if (krb5_kt_default_name(ctx, buff, sizeof(buff)) != 0) {
         return "-default keytab-";
     }
@@ -1355,8 +1359,9 @@ krb5_error_code sss_krb5_init_context(krb5_context *context)
 {
     krb5_error_code kerr;
     const char *msg;
+    krb5_context ctx;
 
-    kerr = krb5_init_context(context);
+    kerr = krb5_init_context(&ctx);
     if (kerr != 0) {
         /* It is safe to call (sss_)krb5_get_error_message() with NULL as first
          * argument. */
@@ -1365,6 +1370,8 @@ krb5_error_code sss_krb5_init_context(krb5_context *context)
               "Failed to init Kerberos context [%s]\n", msg);
         sss_log(SSS_LOG_CRIT, "Failed to init Kerberos context [%s]\n", msg);
         sss_krb5_free_error_message(NULL, msg);
+    } else {
+        *context = ctx;
     }
 
     return kerr;