svn rev #25303: trunk/src/plugins/preauth/pkinit/

Wed Oct 5 17:30:12 EDT 2011

http://src.mit.edu/fisheye/changelog/krb5/?cs=25303
Commit By: hartmans
Log Message:
Treat the client's list of supported KDFs as an unordered list.

Signed-off-by: Margaret Wasserman <mrw at painless-security.com>


Changed Files:
U   trunk/src/plugins/preauth/pkinit/pkinit_srv.c
Modified: trunk/src/plugins/preauth/pkinit/pkinit_srv.c
===================================================================

--- trunk/src/plugins/preauth/pkinit/pkinit_srv.c	2011-10-05 21:30:08 UTC (rev 25302)
+++ trunk/src/plugins/preauth/pkinit/pkinit_srv.c	2011-10-05 21:30:12 UTC (rev 25303)
@@ -664,10 +664,10 @@
 
     *alg_oid = NULL;
 
-    /* for each of the OIDs in the client's request... */
-    for (i = 0; NULL != (req_oid = kdf_list[i]); i++) {
-        /* if the requested OID is supported, use it. */
-        for (j = 0; NULL != (supp_oid = supported_kdf_alg_ids[j]); j++) {
+    /* for each of the OIDs that the server supports... */
+    for (i = 0; NULL != (supp_oid = supported_kdf_alg_ids[i]); i++) {
+        /* if the requested OID is in the client's list, use it. */
+        for (j = 0; NULL != (req_oid = kdf_list[j]); j++) {
             if ((req_oid->length == supp_oid->length) &&
                 (0 == memcmp(req_oid->data, supp_oid->data, req_oid->length))) {
                 tmp_oid = k5alloc(sizeof(krb5_octet_data), &retval);
@@ -679,6 +679,7 @@
                 tmp_oid->length = supp_oid->length;
                 memcpy(tmp_oid->data, supp_oid->data, supp_oid->length);
                 *alg_oid = tmp_oid;
+                /* don't free the OID in clean-up if we are returning it */
                 tmp_oid = NULL;
                 goto cleanup;
             }


