Fix the error where a client request with no preauth data, when a preauth
module with the replaces_key set is loaded, crashes the KDC.  send-pr:20061030

Index: src/kdc/kdc_preauth.c
===================================================================
--- src/kdc/kdc_preauth.c	(revision 18750)
+++ src/kdc/kdc_preauth.c	(working copy)
@@ -721,25 +721,28 @@
         }
     }
 
-    /* Now sort just the modules which replace the key, placing those which
-     * handle the pa_data types provided by the client ahead of the others. */
-    for (i = 0; preauth_systems[pa_order[i]].flags & PA_REPLACES_KEY; i++) {
-	continue;
-    }
-    n_key_replacers = i;
-    for (i = 0; i < n_key_replacers; i++) {
-	if (pa_list_includes(request->padata,
-			     preauth_systems[pa_order[i]].type))
-	    continue;
-        for (j = i + 1; j < n_key_replacers; j++) {
-	    if (pa_list_includes(request->padata,
-			         preauth_systems[pa_order[j]].type)) {
-                k = pa_order[j];
-		pa_order[j] = pa_order[i];
-		pa_order[i] = k;
-		break;
-	    }
-        }
-    }
+    if (request->padata != NULL) {
+	/* Now reorder the subset of modules which replace the key, bubbling
+	 * those which handle pa_data types provided by the client ahead of the
+	 * others. */
+	for (i = 0; preauth_systems[pa_order[i]].flags & PA_REPLACES_KEY; i++) {
+	    continue;
+	}
+	n_key_replacers = i;
+	for (i = 0; i < n_key_replacers; i++) {
+	    if (pa_list_includes(request->padata,
+				 preauth_systems[pa_order[i]].type))
+		continue;
+	    for (j = i + 1; j < n_key_replacers; j++) {
+		if (pa_list_includes(request->padata,
+				     preauth_systems[pa_order[j]].type)) {
+		    k = pa_order[j];
+		    pa_order[j] = pa_order[i];
+		    pa_order[i] = k;
+		    break;
+		}
+	    }
+	}
+    }
 #ifdef DEBUG
     krb5_klog_syslog(LOG_DEBUG, "original preauth mechanism list:");