diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
index 3e560d9..10b5982 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
@@ -406,14 +406,14 @@ krb5_encode_krbsecretkey(krb5_key_data *key_data_in, int n_key_data,
 int num_versions = 1;
 int i, j, last;
 krb5_error_code err = 0;
- krb5_key_data *key_data;
+ krb5_key_data *key_data = NULL;
- if (n_key_data <= 0)
+ if (n_key_data < 0)
 return NULL;
 /* Make a shallow copy of the key data so we can alter it. */
 key_data = k5calloc(n_key_data, sizeof(*key_data), &err);
- if (key_data_in == NULL)
+ if (key_data == NULL)
 goto cleanup;
 memcpy(key_data, key_data_in, n_key_data * sizeof(*key_data));
@@ -467,9 +467,8 @@ krb5_encode_krbsecretkey(krb5_key_data *key_data_in, int n_key_data,
 free(key_data);
 if (err != 0) {
 if (ret != NULL) {
- for (i = 0; i <= num_versions; i++)
- if (ret[i] != NULL)
- free (ret[i]);
+ for (i = 0; ret[i] != NULL; i++)
+ free (ret[i]);
 free (ret);
 ret = NULL;
 }
@@ -1036,9 +1035,19 @@ krb5_ldap_put_principal(krb5_context context, krb5_db_entry *entry,
 bersecretkey = krb5_encode_krbsecretkey (entry->key_data, entry->n_key_data, mkvno);
- if ((st=krb5_add_ber_mem_ldap_mod(&mods, "krbprincipalkey",
- LDAP_MOD_REPLACE | LDAP_MOD_BVALUES, bersecretkey)) != 0)
+ if (bersecretkey == NULL) {
+ st = ENOMEM;
 goto cleanup;
+ }
+ /* An empty list of bervals is only accepted for modify operations,
+ * not add operations. */
+ if (bersecretkey[0] != NULL || !create_standalone_prinicipal) {
+ st = krb5_add_ber_mem_ldap_mod(&mods, "krbprincipalkey",
+ LDAP_MOD_REPLACE | LDAP_MOD_BVALUES,
+ bersecretkey);
+ if (st != 0)
+ goto cleanup;
+ }
 if (!(entry->mask & KADM5_PRINCIPAL)) {
 memset(strval, 0, sizeof(strval));
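Review bot: With the guard relaxed to `n_key_data < 0`, a zero count now reaches the unchanged `memcpy(key_data, key_data_in, ...)`, and nothing in the hunk guarantees `key_data_in` is non-NULL in that case; passing a null source to memcpy is undefined behaviour even for a zero length. Guarding the copy, `if (n_key_data > 0) memcpy(key_data, key_data_in, n_key_data * sizeof(*key_data));`, keeps the empty-key case well defined. The zero-count path also depends on k5calloc returning a non-NULL pointer for a zero-element request, which is defined outside this hunk and worth confirming. The body of krb5_encode_krbsecretkey continues past the hunk.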
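Review bot: The rewritten cleanup loop in the `err != 0` branch stops at the first NULL in `ret`, so it is only correct if `ret` is zero-initialised, has a terminating NULL slot, and is filled front to back; that allocation is outside the hunk and should be confirmed. A comment above the loop would record the invariant, for example `/* ret is NULL-terminated and filled in order; stop at the first empty slot. */`. If each element also owns a separately allocated buffer holding encoded key material, this path would need to wipe and free it as well, which cannot be judged from the lines shown.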
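Review bot: `st = ENOMEM` is assigned for every NULL return from krb5_encode_krbsecretkey, but the first hunk shows the function also returns NULL for a negative `n_key_data`, and its cleanup path nulls `ret` on any non-zero `err`, so encoding failures and bad counts are all reported as out-of-memory. Rejecting the bad count before the call, `if (entry->n_key_data < 0) { st = EINVAL; goto cleanup; }`, would at least separate the caller-error case. A short comment at the skipped branch stating that a newly created principal with no keys is written without a `krbprincipalkey` attribute would make that outcome explicit for anyone auditing keyless principals. The enclosing krb5_ldap_put_principal starts and ends outside the hunk.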