CVE-2018-16853: fix crash in expired passowrd case

[amitay/samba.git] / source4 / kdc / mit_samba.c

diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index 414e67c6a98e0c644f5db328a3587f43fe9bd54d..eacca0903ec56e264413a8478cb924077e88a4b6 100644 (file)
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -865,7 +865,7 @@ krb5_error_code encode_krb5_padata_sequence(krb5_pa_data *const *rep, krb5_data
 static void samba_kdc_build_edata_reply(NTSTATUS nt_status, DATA_BLOB *e_data)
 {
        krb5_error_code ret = 0;
-       krb5_pa_data pa, *ppa = NULL;
+       krb5_pa_data pa, *ppa[2];
        krb5_data *d = NULL;
 
        if (!e_data)
@@ -886,9 +886,10 @@ static void samba_kdc_build_edata_reply(NTSTATUS nt_status, DATA_BLOB *e_data)
        SIVAL(pa.contents, 4, 0);
        SIVAL(pa.contents, 8, 1);
 
-       ppa = &pa;
+       ppa[0] = &pa;
+       ppa[1] = NULL;
 
-       ret = encode_krb5_padata_sequence(&ppa, &d);
+       ret = encode_krb5_padata_sequence(ppa, &d);
        free(pa.contents);
        if (ret) {
                return;