krb5 commit: Fix PKINIT two-component matching rule parsing
Greg Hudson
ghudson at mit.edu
Mon Feb 27 12:29:28 EST 2017
https://github.com/krb5/krb5/commit/67ae7bbe1ea7032d1cb79682be3a14e7e13ec64f
commit 67ae7bbe1ea7032d1cb79682be3a14e7e13ec64f
Author: Greg Hudson <ghudson at mit.edu>
Date: Fri Feb 24 13:41:53 2017 -0500
Fix PKINIT two-component matching rule parsing
In pkinit_matching.c:parse_rule_set(), apply the default relation when
parsing the second component of a rule, not the third. Otherwise we
apply no default relation to two-component matching rules, effectively
reducing such rules to their second components. Reported by Sumit
Bose.
ticket: 8553 (new)
target_version: 1.15-next
target_version: 1.14-next
tags: pullup
src/plugins/preauth/pkinit/pkinit_matching.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/plugins/preauth/pkinit/pkinit_matching.c b/src/plugins/preauth/pkinit/pkinit_matching.c
index a3bf3f4..a50c50c 100644
--- a/src/plugins/preauth/pkinit/pkinit_matching.c
+++ b/src/plugins/preauth/pkinit/pkinit_matching.c
@@ -409,7 +409,7 @@ parse_rule_set(krb5_context context,
}
rs->num_crs = 0;
while (remaining > 0) {
- if (rs->relation == relation_none && rs->num_crs > 1) {
+ if (rs->relation == relation_none && rs->num_crs > 0) {
pkiDebug("%s: Assuming AND relation for multiple components in rule '%s'\n",
__FUNCTION__, rule_in);
rs->relation = relation_and;
More information about the cvs-krb5
mailing list