krb5 commit: Fix OTP KDC module get_string error handling
Greg Hudson
ghudson at MIT.EDU
Wed Jul 17 12:24:21 EDT 2013
https://github.com/krb5/krb5/commit/acb490bd01235511294ecb6b23750e648e48f7dc
commit acb490bd01235511294ecb6b23750e648e48f7dc
Author: Greg Hudson <ghudson at mit.edu>
Date: Wed Jul 17 12:14:13 2013 -0400
Fix OTP KDC module get_string error handling
If cb->get_string returns 0 with no result in otp_edata, make sure we
set retval to avoid sending an empty OTP hint. If cb->get_string
returns an error code in otp_verify, avoid masking that code.
src/plugins/preauth/otp/main.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/plugins/preauth/otp/main.c b/src/plugins/preauth/otp/main.c
index 2f7470e..bf9c6a8 100644
--- a/src/plugins/preauth/otp/main.c
+++ b/src/plugins/preauth/otp/main.c
@@ -204,7 +204,9 @@ otp_edata(krb5_context context, krb5_kdc_req *request,
/* Determine if otp is enabled for the user. */
retval = cb->get_string(context, rock, "otp", &config);
- if (retval != 0 || config == NULL)
+ if (retval == 0 && config == NULL)
+ retval = ENOENT;
+ if (retval != 0)
goto out;
cb->free_string(context, rock, config);
@@ -305,7 +307,7 @@ otp_verify(krb5_context context, krb5_data *req_pkt, krb5_kdc_req *request,
/* Get the principal's OTP configuration string. */
retval = cb->get_string(context, rock, "otp", &config);
- if (config == NULL)
+ if (retval == 0 && config == NULL)
retval = KRB5_PREAUTH_FAILED;
if (retval != 0) {
free(rs);
More information about the cvs-krb5
mailing list