krb5 commit [krb5-1.12]: Fix invalid JSON handling in KDC OTP module
Tom Yu
tlyu at MIT.EDU
Fri Jun 27 12:34:49 EDT 2014
https://github.com/krb5/krb5/commit/e52d893ec6701006bbf390856bf94bfe8da7c483
commit e52d893ec6701006bbf390856bf94bfe8da7c483
Author: Greg Hudson <ghudson at mit.edu>
Date: Sun May 18 17:57:25 2014 -0400
Fix invalid JSON handling in KDC OTP module
If the OTP configuration for a principal contains invalid JSON, the
KDC OTP module calls k5_json_get_tid on a null pointer, causing the
KDC process to crash. Fix this bug by checking the return value of
k5_json_decode in decode_config_json.
(cherry picked from commit dab1c234e15afdc64dfe776bdbc65bbc17d07e12)
ticket: 7912
version_fixed: 1.12.2
status: resolved
src/plugins/preauth/otp/otp_state.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/src/plugins/preauth/otp/otp_state.c b/src/plugins/preauth/otp/otp_state.c
index a4d7e3b..5c7476c 100644
--- a/src/plugins/preauth/otp/otp_state.c
+++ b/src/plugins/preauth/otp/otp_state.c
@@ -401,6 +401,8 @@ decode_config_json(const char *config, k5_json_array *out)
/* Decode the config string and make sure it's an array. */
retval = k5_json_decode((config != NULL) ? config : "[{}]", &val);
+ if (retval != 0)
+ goto error;
if (k5_json_get_tid(val) != K5_JSON_TID_ARRAY) {
retval = EINVAL;
goto error;
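Review bot: At the added `goto error` after `k5_json_decode`, the error label is now reached on a path where `val` was never successfully decoded, and neither the declaration of `val` nor the cleanup under `error` is visible in this hunk. Please confirm that `val` is initialized to NULL and that the cleanup tolerates a null `val`. The diffstat shows only `otp_state.c` changing, so a regression test would also help: one that gives a principal an OTP configuration with malformed JSON and checks that `decode_config_json` returns a nonzero `retval` instead of reaching `k5_json_get_tid`. Separately, the decode failure passes through whatever `k5_json_decode` returned, while the wrong-type case just below sets `EINVAL`. If callers or log messages distinguish these, a short comment saying so would make the intent clear.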