s4:auth/kerberos: improve error message in kerberos_pac_to_user_info_dc()
authorStefan Metzmacher <metze@samba.org>
Thu, 7 Jan 2016 14:01:16 +0000 (15:01 +0100)
committerAndrew Bartlett <abartlet@samba.org>
Thu, 30 Jun 2016 01:30:26 +0000 (03:30 +0200)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/auth/kerberos/kerberos_pac.c

index 20cfe88..27fb19b 100644 (file)
@@ -310,12 +310,17 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx,
                                      PAC_TYPE_LOGON_INFO,
                                      (ndr_pull_flags_fn_t)ndr_pull_PAC_INFO);
        kerberos_free_data_contents(context, &k5pac_logon_info_in);
-       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err) || !info.logon_info.info) {
+       if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
                nt_status = ndr_map_error2ntstatus(ndr_err);
                DEBUG(0,("can't parse the PAC LOGON_INFO: %s\n", nt_errstr(nt_status)));
                talloc_free(tmp_ctx);
                return EINVAL;
        }
+       if (info.logon_info.info == NULL) {
+               DEBUG(0,("can't parse the PAC LOGON_INFO: missing info pointer\n"));
+               talloc_free(tmp_ctx);
+               return EINVAL;
+       }
 
        /* Pull this right into the normal auth sysstem structures */
        nt_status = make_user_info_dc_pac(mem_ctx,