Fix krb5_ldap_list_policy() filtering loop

The loop at the end of this function is intended to ignore ticket policy DNs that can't be converted to names. But it instead leaves a hole in the output list if that happens, effectively truncating the list and leaking any subsequent entries. Use the correct index for the output list. ticket: 9148 (new)
greghudson · Oct 27, 2024 · 621c312 · 621c312
1 parent ff4d99b
commit 621c312
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
@@ -382,7 +382,7 @@ krb5_ldap_list_policy(krb5_context context, char *containerdn, char ***policy)
 
     for (i = 0, j = 0; list[i] != NULL; i++, j++) {
         int ret;
-        ret = krb5_ldap_policydn_to_name (context, list[i], &(*policy)[i]);
+        ret = krb5_ldap_policydn_to_name (context, list[i], &(*policy)[j]);
         if (ret != 0)
             j--;
     }