krb5 commit: Don't send empty etype info from KDC
Greg Hudson
ghudson at MIT.EDU
Fri May 3 16:16:19 EDT 2013
https://github.com/krb5/krb5/commit/ef700ee2cc1b33a06cd1e5c6c56ca7cfac8e67c5
commit ef700ee2cc1b33a06cd1e5c6c56ca7cfac8e67c5
Author: Greg Hudson <ghudson at mit.edu>
Date: Mon Apr 29 14:55:31 2013 -0400
Don't send empty etype info from KDC
RFC 4120 prohibits empty ETYPE-INFO2 sequences (though not ETYPE-INFO
sequences), and our client errors out if it sees an empty sequence of
either.
ticket: 7630
src/kdc/kdc_preauth.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index b7f9e15..9c04f70 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -1420,6 +1420,11 @@ etype_info_helper(krb5_context context, krb5_kdc_req *request,
seen_des++;
}
}
+
+ /* If the list is empty, don't send it at all. */
+ if (i == 0)
+ goto cleanup;
+
if (etype_info2)
retval = encode_krb5_etype_info2(entry, &scratch);
else
More information about the cvs-krb5
mailing list