[krbdev.mit.edu #8666] Explicit NULL deref in finish_dispatch()
In dispatch.c, dispatch() allocates a dispatch_state structure called
state, and initializes some fields. However, unless krb5_is_as_req(pkt)
is true, state->active_realm does not get initialized before the state
object is passed to finish_dispatch_cache.
finish_dispatch_cache() passes through state to finish_dispatch().
finish_dispatch() invokes the kdc_context macro in a call to
krb5_free_data(), which dereferences state->active_realm (for
This is an explicit NULL dereference. Worth noting also is that
make_too_big_error() will attempt to dereference the same value later in