Don't call gss_krb5_ccache_name() with a NULL pointer when restoring

the old credential cache file name.  This can happen if there was
no old name returned by gss_krb5_ccache_name().  Fixes a crash on
kerberized LDAP on some platforms.

diff --git a/plugins/sudoers/ldap.c b/plugins/sudoers/ldap.c
index 3fbbbdd236c1944a8b3912945d5a8bc33d134c17..5890e4b962c404cb421c55cfac123fc151c4b18f 100644 (file)
--- a/plugins/sudoers/ldap.c
+++ b/plugins/sudoers/ldap.c
@@ -2423,19 +2423,20 @@ sudo_ldap_bind_s(LDAP *ld)
                    old_ccname ? old_ccname : "(none)", new_ccname);
            } else {
                sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
-                   "gss_krb5_ccache_name() failed: %d", rc);
+                   "sudo_set_krb5_ccache_name() failed: %d", rc);
            }
        }
        rc = ldap_sasl_interactive_bind_s(ld, ldap_conf.binddn, "GSSAPI",
            NULL, NULL, LDAP_SASL_QUIET, sudo_ldap_sasl_interact, auth_id);
        if (new_ccname != NULL) {
-           rc = sudo_set_krb5_ccache_name(old_ccname, NULL);
+           rc = sudo_set_krb5_ccache_name(old_ccname ? old_ccname : "", NULL);
            if (rc == 0) {
                sudo_debug_printf(SUDO_DEBUG_INFO|SUDO_DEBUG_LINENO,
-                   "restore ccache name %s -> %s", new_ccname, old_ccname);
+                   "restore ccache name %s -> %s", new_ccname,
+                   old_ccname ? old_ccname : "(none)");
            } else {
                sudo_debug_printf(SUDO_DEBUG_WARN|SUDO_DEBUG_LINENO,
-                   "gss_krb5_ccache_name() failed: %d", rc);
+                   "sudo_set_krb5_ccache_name() failed: %d", rc);
            }
            /* Remove temporary copy of user's credential cache. */
            if (tmp_ccname != NULL)