CVE-2018-16853: Do not segfault if client is not set

[amitay/samba.git] / source4 / kdc / mit-kdb / kdb_samba_policies.c

diff --git a/source4/kdc/mit-kdb/kdb_samba_policies.c b/source4/kdc/mit-kdb/kdb_samba_policies.c
index 81ac73582e0ee8e2fb7c09395f0927831bb413fa..fc80329f2216ec45b1e059d7663ad05f04e434df 100644 (file)
--- a/source4/kdc/mit-kdb/kdb_samba_policies.c
+++ b/source4/kdc/mit-kdb/kdb_samba_policies.c
@@ -461,6 +461,14 @@ void kdb_samba_db_audit_as_req(krb5_context context,
                               krb5_timestamp authtime,
                               krb5_error_code error_code)
 {
+       /*
+        * FIXME: This segfaulted with a FAST test
+        * FIND_FAST: <unknown client> for <unknown server>, Unknown FAST armor type 0
+        */
+       if (client == NULL) {
+               return;
+       }
+
        samba_bad_password_count(client, error_code);
 
        /* TODO: perform proper audit logging for addresses */
@@ -473,6 +481,14 @@ void kdb_samba_db_audit_as_req(krb5_context context,
                               krb5_timestamp authtime,
                               krb5_error_code error_code)
 {
+       /*
+        * FIXME: This segfaulted with a FAST test
+        * FIND_FAST: <unknown client> for <unknown server>, Unknown FAST armor type 0
+        */
+       if (client == NULL) {
+               return;
+       }
+
        samba_bad_password_count(client, error_code);
 }
 #endif