[krbdev.mit.edu #9110] profile write functions crash on profile with no files
Greg Hudson via RT
rt at kerborg-prod-app-1.mit.edu
Sun Jan 14 01:20:10 EST 2024
<URL: http://kerborg-prod-app-1.mit.edu/rt/Ticket/Display.html?id=9110 >
Summarizing the linked bug report from our perspective:
* FreeRDP has a function krb5glue_get_init_creds(), which calls
krb5_get_profile() and manipulates the resulting profile with several calls,
beginning with profile_clear_relation().
* Per the stack trace, profile_clear_relation() calls rw_setup(), which
dereferences a null pointer at line 40 because profile->first_file is null.
* The crash occurs when there is no /etc/krb5.conf.
I can easily reproduce this crash with the following code (run with the
KRB5_CONFIG environment variable set to a nonexistent path):
    #include <krb5.h>
    #include <profile.h>

    int main(void)
    {
        krb5_context ctx;
        profile_t prof;

        if (krb5_init_context(&ctx))
            return 1;
        /* With KRB5_CONFIG pointing at a nonexistent path, the profile has no
         * backing files, so profile->first_file is null. */
        if (krb5_get_profile(ctx, &prof))
            return 1;
        /* Any write function reaches rw_setup() and crashes here. */
        profile_clear_relation(prof, NULL);
        return 0;
    }
A look at the code history suggests that this bug is long-standing, although I
haven't tested against older releases.
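As an added illustration (not code from the ticket or from libkrb5), a simplified, hypothetical model of a profile handle with a list of backing files, where the write-path setup checks first_file before dereferencing it and returns a constructed error code; the struct names and MODEL_* codes are assumptions, not libkrb5's real types or errors.

```c
#include <stddef.h>

/* Hypothetical, simplified model of a profile handle: a list of backing files.
 * Not libkrb5's real structures; the error codes below are placeholders. */
#define MODEL_OK            0L
#define MODEL_NO_PROFILE    1L   /* no backing file that a write could go to */
#define MODEL_READ_ONLY     2L   /* first file exists but cannot be written */

struct model_file {
    const char *path;
    int read_only;
    struct model_file *next;
};

struct model_profile {
    struct model_file *first_file;  /* NULL when no config file was found */
};

/* Select the file a write operation would modify.  The reported crash comes
 * from dereferencing first_file unconditionally; here the empty case is a
 * defined error instead of a SIGSEGV. */
long model_rw_setup(struct model_profile *profile, struct model_file **file_out)
{
    *file_out = NULL;
    if (profile == NULL || profile->first_file == NULL)
        return MODEL_NO_PROFILE;
    if (profile->first_file->read_only)
        return MODEL_READ_ONLY;
    *file_out = profile->first_file;
    return MODEL_OK;
}

/* Caller analogous to profile_clear_relation(): every write entry point goes
 * through the guarded setup, so an absent krb5.conf surfaces as a return code
 * that a caller such as the FreeRDP one can handle. */
long model_clear_relation(struct model_profile *profile, const char *relation)
{
    struct model_file *f;
    long ret = model_rw_setup(profile, &f);
    if (ret != MODEL_OK)
        return ret;
    (void)relation;  /* the real function would now edit f's in-memory tree */
    return MODEL_OK;
}

/* Constructed profiles: with_file == 0 models the "no /etc/krb5.conf" case. */
long model_demo(int with_file, int read_only)
{
    struct model_file f = { "/tmp/model-krb5.conf", read_only, NULL };
    struct model_profile prof = { with_file ? &f : NULL };
    return model_clear_relation(&prof, "libdefaults");
}
```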