From 29940dd22c97a5b32007cf943a26d6a48d666c62 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Thu, 20 Jan 2022 09:44:43 -0500
Subject: [PATCH] lib/krb5: krb5_init_creds_set_service fail if set_realm fails

Calls to krb5_principal_set_realm() can fail due to memory
allocation failures.  If the client realm cannot be set in
the generated principal the wrong realm will be used.
Check for the result of krb5_principal_set_realm() and if
there is a failure, clean up and return the error code to
the caller.

Change-Id: Icadd04c858e88c1ba1d4344c60a784885a6a1344
---
 lib/krb5/init_creds_pw.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c
index 8497b2169..3a9b82f69 100644
--- a/lib/krb5/init_creds_pw.c
+++ b/lib/krb5/init_creds_pw.c
@@ -2624,7 +2624,11 @@ krb5_init_creds_set_service(krb5_context context,
 	ret = krb5_parse_name (context, service, &principal);
 	if (ret)
 	    return ret;
-	krb5_principal_set_realm (context, principal, client_realm);
+	ret = krb5_principal_set_realm (context, principal, client_realm);
+	if (ret) {
+	    krb5_free_principal(context, principal);
+	    return ret;
+	}
     } else {
 	ret = krb5_make_principal(context, &principal,
 				  client_realm, KRB5_TGS_NAME, client_realm,
-- 
2.11.4.GIT