svn rev #23454: trunk/src/lib/ kdb/ krb5/krb/
tlyu@MIT.EDU
tlyu at MIT.EDU
Mon Dec 7 10:30:37 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=23454
Commit By: tlyu
Log Message:
ticket: 6592
subject: handle negative enctypes better
status: open
krb5_dbe_def_search_enctype and krb5int_parse_enctype_list were making
assumptions that enctype numbers are positive. Potentially more code
makes this assumption, but these appear to be the major ones.
Changed Files:
U trunk/src/lib/kdb/kdb_default.c
U trunk/src/lib/krb5/krb/init_ctx.c
Modified: trunk/src/lib/kdb/kdb_default.c
===================================================================
--- trunk/src/lib/kdb/kdb_default.c 2009-12-06 22:07:02 UTC (rev 23453)
+++ trunk/src/lib/kdb/kdb_default.c 2009-12-07 15:30:37 UTC (rev 23454)
@@ -98,7 +98,7 @@
}
- if (ktype > 0) {
+ if (ktype != -1) {
if ((ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype,
dbentp->key_data[i].key_data_type[0],
&similar)))
@@ -106,7 +106,7 @@
return(ret);
}
- if (((ktype <= 0) || similar) &&
+ if (((ktype == -1) || similar) &&
((db_stype == stype) || (stype < 0))) {
if (kvno >= 0) {
if (kvno == dbentp->key_data[i].key_data_kvno) {
Modified: trunk/src/lib/krb5/krb/init_ctx.c
===================================================================
--- trunk/src/lib/krb5/krb/init_ctx.c 2009-12-06 22:07:02 UTC (rev 23453)
+++ trunk/src/lib/krb5/krb/init_ctx.c 2009-12-07 15:30:37 UTC (rev 23454)
@@ -61,7 +61,8 @@
#include "../krb5_libinit.h"
#endif
-/* This must be the largest enctype value defined in krb5.h. */
+/* This must be the largest enctype value defined in krb5.h, plus the number of
+ * enctypes with negative numbers. */
#define MAX_ENCTYPE ENCTYPE_ARCFOUR_HMAC_EXP
/* The des-mdX entries are last for now, because it's easy to
@@ -357,7 +358,7 @@
{
unsigned int i;
- assert(etype > 0 && etype <= MAX_ENCTYPE);
+ assert(etype <= MAX_ENCTYPE);
if (!allow_weak && krb5int_c_weak_enctype(etype))
return;
for (i = 0; i < *count; i++) {
More information about the cvs-krb5
mailing list