samba/backport-0029-CVE-2022-2031-CVE-2022-32744.patch


From 3a8da51396f3bf9d4caf8dbd4e75a0314aa47046 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Wed, 18 May 2022 16:48:59 +1200
Subject: [PATCH 73/99] CVE-2022-2031 s4:kpasswd: Don't return AP-REP on failure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
[jsutton@samba.org Removed MIT KDC 1.20-specific knownfails]
Conflict: remove selftest/knownfail_mit_kdc
---
source4/kdc/kpasswd-service.c | 2 ++
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/source4/kdc/kpasswd-service.c b/source4/kdc/kpasswd-service.c
index 8f1679e4a28..a3c57a67dd1 100644
--- a/source4/kdc/kpasswd-service.c
+++ b/source4/kdc/kpasswd-service.c
@@ -253,6 +253,7 @@ kdc_code kpasswd_process(struct kdc_server *kdc,
&kpasswd_dec_reply,
&error_string);
if (code != 0) {
+ ap_rep_blob = data_blob_null;
error_code = code;
goto reply;
}
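Review bot: The added `ap_rep_blob = data_blob_null;` in the `if (code != 0)` branch carries no comment explaining why the AP-REP has to be dropped before `goto reply`, and the same assignment is repeated in the next failure branch. A short comment here would record the intent, and clearing the blob once at the `reply:` label whenever `error_code` is non-zero would keep a failure path added later from sending an AP-REP along with an error.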
@@ -262,6 +263,7 @@ kdc_code kpasswd_process(struct kdc_server *kdc,
&kpasswd_dec_reply,
&enc_data_blob);
if (!NT_STATUS_IS_OK(status)) {
+ ap_rep_blob = data_blob_null;
error_code = KRB5_KPASSWD_HARDERROR;
error_string = talloc_asprintf(tmp_ctx,
"gensec_wrap failed - %s\n",
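Review bot: In the `!NT_STATUS_IS_OK(status)` branch, `ap_rep_blob = data_blob_null;` overwrites the blob's pointer without releasing whatever buffer was already built. The visible lines do not show which talloc context owns that buffer; if it is not parented to `tmp_ctx`, use `data_blob_free(&ap_rep_blob);` instead so this error path does not leak it.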
--
2.25.1