svn rev #25643: branches/krb5-1-8/src/lib/krb5/krb/
tlyu@MIT.EDU
Wed Jan 11 00:12:47 EST 2012
http://src.mit.edu/fisheye/changelog/krb5/?cs=25643
Commit By: tlyu
Log Message:
ticket: 7070
subject: krb5_server_decrypt_ticket_keytab wrongly succeeds
version_fixed: 1.8.6
status: resolved
Pull up r25584 from trunk
------------------------------------------------------------------------
r25584 | ghudson | 2011-12-12 19:53:56 -0500 (Mon, 12 Dec 2011) | 9 lines
ticket: 7051
subject: krb5_server_decrypt_ticket_keytab wrongly succeeds
If krb5_server_decrypt_ticket_keytab doesn't find a key of the
appropriate enctype in an iterable keytab, it returns 0 (without
decrypting the ticket) due to a misplaced initialization of retval.
This bug causes kinit -k to claim "keytab entry valid" when it
shouldn't. Reported by mark at mproehl.net.
Changed Files:
U branches/krb5-1-8/src/lib/krb5/krb/srv_dec_tkt.c
Modified: branches/krb5-1-8/src/lib/krb5/krb/srv_dec_tkt.c
===================================================================
--- branches/krb5-1-8/src/lib/krb5/krb/srv_dec_tkt.c 2012-01-11 04:18:59 UTC (rev 25642)
+++ branches/krb5-1-8/src/lib/krb5/krb/srv_dec_tkt.c 2012-01-11 05:12:47 UTC (rev 25643)
@@ -79,8 +79,6 @@
krb5_error_code retval;
krb5_keytab_entry ktent;
- retval = KRB5_KT_NOTFOUND;
-
if (keytab->ops->start_seq_get == NULL) {
retval = krb5_kt_get_entry(context, keytab,
ticket->server,
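Review bot: With the early assignment removed, retval has no value between its declaration (krb5_error_code retval;) and the first branch that sets it, so every path to map_error must now assign it explicitly. The start_seq_get == NULL branch shown here does so through krb5_kt_get_entry, and the iterable path is covered by the second hunk. Please confirm that no other early exit in this function reads retval before one of those assignments, and build with uninitialized-variable warnings enabled so that a later refactor cannot reintroduce the problem silently.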
@@ -99,6 +97,7 @@
if (retval != 0)
goto map_error;
+ retval = KRB5_KT_NOTFOUND;
while ((code = krb5_kt_next_entry(context, keytab,
&ktent, &cursor)) == 0) {
if (ktent.key.enctype != ticket->enc_part.enctype)
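Review bot: The new retval = KRB5_KT_NOTFOUND; before the while loop is the whole fix, yet nothing in the code says why it has to sit exactly there, after the retval != 0 check and before the iteration. A one-line comment stating that this is the result returned when no keytab entry matches ticket->enc_part.enctype would keep the line from being hoisted back to the top of the function, which is the misplacement that caused the bug. Separately, the loop ends on any non-zero code from krb5_kt_next_entry; the visible lines do not show whether an iteration error other than end-of-keytab is told apart from "no matching key", so check that such an error is not reported as KRB5_KT_NOTFOUND. A regression test using a keytab that lacks the ticket's enctype (the kinit -k case from the log message) would pin the corrected behaviour.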