From b7d462a43eb1f01e363520996c518fa055cf1c67 Mon Sep 17 00:00:00 2001
From: Joseph Sutton <josephsutton@catalyst.net.nz>
Date: Fri, 17 Mar 2023 09:16:17 +1300
Subject: [PATCH] s4:kdc: Avoid copying data if not needed

krb5_pac_add_buffer() makes its own copy of the data we pass in. We
don't need to make yet another copy.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit fa901e7346d36ae64a7ceab5dcf76bc210a67c93)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15476
---
 source4/kdc/pac-glue.c | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/source4/kdc/pac-glue.c b/source4/kdc/pac-glue.c
index 6692619065bc..62073a46fa25 100644
--- a/source4/kdc/pac-glue.c
+++ b/source4/kdc/pac-glue.c
@@ -1970,12 +1970,9 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
 		}
 
 		if (type_blob.length != 0) {
-			code = smb_krb5_copy_data_contents(&type_data,
-							   type_blob.data,
-							   type_blob.length);
-			if (code != 0) {
-				goto done;
-			}
+			type_data = smb_krb5_data_from_blob(type_blob);
+			code = krb5_pac_add_buffer(context, new_pac,
+						   type, &type_data);
 		} else {
 			code = krb5_pac_get_buffer(context,
 						   old_pac,
@@ -1984,13 +1981,17 @@ krb5_error_code samba_kdc_update_pac(TALLOC_CTX *mem_ctx,
 			if (code != 0) {
 				goto done;
 			}
+			/*
+			 * Passing a NULL pointer into krb5_pac_add_buffer() is
+			 * not allowed, so pass null_data instead if needed.
+			 */
+			code = krb5_pac_add_buffer(context,
+						   new_pac,
+						   type,
+						   (type_data.data != NULL) ? &type_data : &null_data);
+			smb_krb5_free_data_contents(context, &type_data);
 		}
 
-		code = krb5_pac_add_buffer(context,
-					   new_pac,
-					   type,
-					   &type_data);
-		smb_krb5_free_data_contents(context, &type_data);
 		if (code != 0) {
 			goto done;
 		}
-- 
2.34.1