krb5 commit [krb5-1.15]: Prevent null dereference with keyboard master key

Greg Hudson ghudson at mit.edu
Fri Sep 22 12:48:34 EDT 2017


https://github.com/krb5/krb5/commit/615506789cc7299e4e7b859d163f680228f1b724
commit 615506789cc7299e4e7b859d163f680228f1b724
Author: Greg Hudson <ghudson at mit.edu>
Date:   Tue Jul 18 12:29:12 2017 -0400

    Prevent null dereference with keyboard master key
    
    If krb5_db_fetch_mkey() prompts for a master key and needs to
    determine the kvno, check that the master entry contains any key data
    before dereferencing the first element.  Reported by Joshua Schaeffer.
    
    (cherry picked from commit 29c504504f0c56c861d968ba2498590bf34714cd)
    
    ticket: 8600
    version_fixed: 1.15.2

 src/lib/kdb/kdb5.c |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c
index 4adf0fc..6907257 100644
--- a/src/lib/kdb/kdb5.c
+++ b/src/lib/kdb/kdb5.c
@@ -1220,11 +1220,12 @@ krb5_db_fetch_mkey(krb5_context context, krb5_principal mname,
             krb5_db_entry *master_entry;
 
             rc = krb5_db_get_principal(context, mname, 0, &master_entry);
-            if (rc == 0) {
+            if (rc == 0 && master_entry->n_key_data > 0)
                 *kvno = (krb5_kvno) master_entry->key_data->key_data_kvno;
-                krb5_db_free_principal(context, master_entry);
-            } else
+            else
                 *kvno = 1;
+            if (rc == 0)
+                krb5_db_free_principal(context, master_entry);
         }
 
         if (!salt)
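Review bot: The `else` branch at `*kvno = 1;` now covers two different conditions, a failed krb5_db_get_principal() and a master entry that was fetched but has `n_key_data == 0`, and neither is explained or reported to the caller. The second case is an abnormal database state, so a short comment above the assignment would help the next reader, for example `/* Lookup failed or master entry has no key data; assume kvno 1. */`. The new guard also relies on `n_key_data > 0` implying a non-null `key_data`; if a KDB module can return an entry where that does not hold (not visible here), adding `&& master_entry->key_data != NULL` to the condition would cover it. krb5_db_fetch_mkey's body starts and ends outside the hunk.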

