[krbdev.mit.edu #8726] Directly dereference the pointer certname which may be NULL in parse_fs_options()
"kinit -X X509_user_identity=, princname" also causes the null deref
if the KDC offers PKINIT.
There are some ancillary code hygiene issues here:
* On empty input, parse_fs_options() returns 0 without filling in
idopts->cert_filename and idopts->key_filename. This is papered over
by checks in pkinit_get_certs_fs(), which will return
KRB5KDC_ERR_PREAUTH_FAILED if either field isn't filled in.
* If the second strdup() in parse_fs_options() fails, it returns
ENOMEM but does leave an allocated value in idopts->cert_filename.
This could lead to a memory leak if a subsequent pkinit_identities
value is tried, but under most circumstances I think the allocated
value will be cleaned up during teardown.
krb5-bugs mailing list
[hidden email] https://mailman.mit.edu/mailman/listinfo/krb5-bugs