krb5_init_get_creds_password crash in 0.5.1
This bug was reported to OpenLDAP (ITS#2386) by Iain Moffat @ ufl.edu.
If krb5_init_get_creds_password is called with a NULL prompter and the user's
password is expired, change_password() is invoked and change_password() tries
to execute the prompter without checking to see if it's valid/non-NULL. I
believe this diff (against 0.5.1) contains an appropriate fix. Looks like
0.5.2 doesn't fix this either.
===================================================================
RCS file: /var/CVSROOT/heimdal/lib/krb5/init_creds_pw.c,v
retrieving revision 1.1.1.2
diff -u -r1.1.1.2 init_creds_pw.c
--- init_creds_pw.c 18 Apr 2002 09:14:51 -0000 1.1.1.2
+++ init_creds_pw.c 20 Mar 2003 15:22:47 -0000
@@ -409,6 +409,9 @@
krb5_prompt prompt;
char *p, *q;
+ if (!prompter)
+ goto out;
+
krb5_unparse_name (context, this_cred.client, &p);
asprintf (&q, "%s's Password: ", p);
free (p);
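Review bot: the new `if (!prompter) goto out;` ahead of `krb5_unparse_name` jumps to `out` with no error code assigned anywhere in the visible lines, so the caller cannot tell "no prompter available" from whatever `ret` already held. Set `ret` to an explicit error before the jump. The commit message also only describes the change_password() path, while this hunk guards the code that builds the "%s's Password: " prompt, so it should mention this second NULL-prompter case too.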
@@ -456,6 +459,9 @@
if (in_tkt_service != NULL
&& strcmp (in_tkt_service, "kadmin/changepw") == 0)
+ goto out;
+
+ if (!prompter)
goto out;
ret = change_password (context,
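Review bot: the `if (!prompter)` test is placed at the call site, just before `ret = change_password (context,`, so change_password() itself still invokes the prompter unchecked and any other caller can hit the same NULL dereference. Consider repeating the NULL test at the top of change_password(), and add a one-line comment here stating which error the caller receives when the password is expired and no prompter was supplied.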
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support