Submitted by: Tomas Hoger <thoger@redhat.com>

Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL could be crashed if the relevant tables were not present (e.g. chrooted).
author: Dr. Stephen Henson <steve@openssl.org> 2010-03-03 15:34:11 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2010-03-03 15:34:11 +0000
commit: ede1351997d7dc9564dae45c48dd90d860f1ffb2 (patch)
tree: 3e4fab4b093135f686d99a1ca4ad4b26e26038cd /ssl/kssl.c
parent: 7786ed6a6417d8458ec445313f413f2c6713b72c (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/ssl/kssl.c b/ssl/kssl.c
index 73401c92a3..5cba28b89b 100644
--- a/ssl/kssl.c
+++ b/ssl/kssl.c
@@ -1802,6 +1802,9 @@ kssl_ctx_show(KSSL_CTX *kssl_ctx)
                                      kssl_ctx->service_name ? kssl_ctx->service_name: KRB5SVC,
                                      KRB5_NT_SRV_HST, &princ);
 
+    if (krb5rc)
+	goto exit;
+
     krb5rc = krb5_kt_get_entry(krb5context, krb5keytab, 
                                 princ,
                                 0 /* IGNORE_VNO */,
author	Dr. Stephen Henson <steve@openssl.org>	2010-03-03 15:34:11 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2010-03-03 15:34:11 +0000
commit	ede1351997d7dc9564dae45c48dd90d860f1ffb2 (patch)
tree	3e4fab4b093135f686d99a1ca4ad4b26e26038cd /ssl/kssl.c
parent	7786ed6a6417d8458ec445313f413f2c6713b72c (diff)