krb5 commit [krb5-1.14]: Fix KDC to drop repeated in-progress requests

Fri Sep 2 17:04:31 EDT 2016

https://github.com/krb5/krb5/commit/c6c6c2ab42e67d3447a9356274361748155a9bfb
commit c6c6c2ab42e67d3447a9356274361748155a9bfb
Author: Sarah Day <sarahday at mit.edu>
Date:   Mon Aug 15 16:11:31 2016 -0400

    Fix KDC to drop repeated in-progress requests
    
    When a KDC receives a repeated request while the original request is
    still in progress, it is supposed to be to drop the request.  Commit
    f07760088b72a11c54dd72efbc5739f231a4d4b0 introduced a bug in this
    logic, causing the KDC to instead send an empty reply.  In
    kdc_check_lookaside(), return a NULL reply_packet for empty entries,
    restoring the expected behavior.
    
    [ghudson at mit.edu: edited commit message, added a comment]
    
    (cherry picked from commit 847fc7b3caa823c219c97cc307ccb8d7d519a20f)
    
    ticket: 8477
    version_fixed: 1.14.4

 src/kdc/replay.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/src/kdc/replay.c b/src/kdc/replay.c
index 3eee6e8..05b5199 100644
--- a/src/kdc/replay.c
+++ b/src/kdc/replay.c
@@ -177,6 +177,11 @@ kdc_check_lookaside(krb5_context kcontext, krb5_data *req_packet,
 
     e->num_hits++;
     hits++;
+
+    /* Leave *reply_packet_out as NULL for an in-progress entry. */
+    if (e->reply_packet.length == 0)
+        return TRUE;
+
     return (krb5_copy_data(kcontext, &e->reply_packet,
                            reply_packet_out) == 0);
 }
