|
 |
5af5b2 |
Don't call a prompter function if it's NULL, as it can be, depending on
|
|
|
5af5b2 |
which code path we were called from. Part of the larger responder retrofit
|
|
|
5af5b2 |
coming in 1.12 (RT#7680).
|
|
|
5af5b2 |
|
|
|
5af5b2 |
--- krb5-1.11.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
|
|
|
5af5b2 |
+++ krb5-1.11.3/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
|
|
|
5af5b2 |
@@ -673,6 +673,8 @@ get_key_cb(char *buf, int size, int rwfl
|
|
|
5af5b2 |
krb5_error_code retval;
|
|
|
5af5b2 |
char *prompt;
|
|
|
5af5b2 |
|
|
|
5af5b2 |
+ if (data->id_cryptoctx->prompter == NULL)
|
|
|
5af5b2 |
+ return -1;
|
|
|
5af5b2 |
if (asprintf(&prompt, "%s %s", _("Pass phrase for"), data->filename) < 0)
|
|
|
5af5b2 |
return -1;
|
|
|
5af5b2 |
rdat.data = buf;
|
|
|
5af5b2 |
@@ -3739,10 +3741,15 @@ pkinit_login(krb5_context context,
|
|
|
5af5b2 |
prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
|
|
|
5af5b2 |
|
|
|
5af5b2 |
/* PROMPTER_INVOCATION */
|
|
|
5af5b2 |
- k5int_set_prompt_types(context, &prompt_type);
|
|
|
5af5b2 |
- r = (*id_cryptoctx->prompter)(context, id_cryptoctx->prompter_data,
|
|
|
5af5b2 |
- NULL, NULL, 1, &kprompt);
|
|
|
5af5b2 |
- k5int_set_prompt_types(context, 0);
|
|
|
5af5b2 |
+ if (id_cryptoctx->prompter == NULL) {
|
|
|
5af5b2 |
+ r = KRB5_LIBOS_CANTREADPWD;
|
|
|
5af5b2 |
+ rdat.data = NULL;
|
|
|
5af5b2 |
+ } else {
|
|
|
5af5b2 |
+ k5int_set_prompt_types(context, &prompt_type);
|
|
|
5af5b2 |
+ r = (*id_cryptoctx->prompter)(context, id_cryptoctx->prompter_data,
|
|
|
5af5b2 |
+ NULL, NULL, 1, &kprompt);
|
|
|
5af5b2 |
+ k5int_set_prompt_types(context, 0);
|
|
|
5af5b2 |
+ }
|
|
|
5af5b2 |
free(prompt);
|
|
|
5af5b2 |
}
|
|
|
5af5b2 |
|
|
|
5af5b2 |
@@ -4307,10 +4314,15 @@ pkinit_get_certs_pkcs12(krb5_context con
|
|
|
5af5b2 |
prompt_type = KRB5_PROMPT_TYPE_PREAUTH;
|
|
|
5af5b2 |
|
|
|
5af5b2 |
/* PROMPTER_INVOCATION */
|
|
|
5af5b2 |
- k5int_set_prompt_types(context, &prompt_type);
|
|
|
5af5b2 |
- r = (*id_cryptoctx->prompter)(context, id_cryptoctx->prompter_data,
|
|
|
5af5b2 |
- NULL, NULL, 1, &kprompt);
|
|
|
5af5b2 |
- k5int_set_prompt_types(context, 0);
|
|
|
5af5b2 |
+ if (*id_cryptoctx->prompter == NULL) {
|
|
|
5af5b2 |
+ retval = KRB5_LIBOS_CANTREADPWD;
|
|
|
5af5b2 |
+ goto cleanup;
|
|
|
5af5b2 |
+ } else {
|
|
|
5af5b2 |
+ k5int_set_prompt_types(context, &prompt_type);
|
|
|
5af5b2 |
+ r = (*id_cryptoctx->prompter)(context, id_cryptoctx->prompter_data,
|
|
|
5af5b2 |
+ NULL, NULL, 1, &kprompt);
|
|
|
5af5b2 |
+ k5int_set_prompt_types(context, 0);
|
|
|
5af5b2 |
+ }
|
|
|
5af5b2 |
|
|
|
5af5b2 |
ret = PKCS12_parse(p12, rdat.data, &y, &x, NULL);
|
|
|
5af5b2 |
if (ret == 0) {
|