krb5 commit: Ignore bad enctypes in krb5_string_to_keysalts()
Greg Hudson
ghudson at mit.edu
Wed Jul 22 17:01:59 EDT 2020
https://github.com/krb5/krb5/commit/be5396ada0e8dabd68bd0aceb733cfca39a609bc
commit be5396ada0e8dabd68bd0aceb733cfca39a609bc
Author: Robbie Harwood <rharwood at redhat.com>
Date: Wed Jul 15 15:42:20 2020 -0400
Ignore bad enctypes in krb5_string_to_keysalts()
Fixes a problem where the presence of legacy/unrecognized keysalts in
supported_enctypes would prevent the kadmin programs from starting.
[ghudson at mit.edu: ideally we would put a warning in the kadmind log,
but that is difficult to do when the parsing is done inside a library.
Even adding a trace log is difficult because the kadm5 str_conv
functions do not accept contexts.]
ticket: 8929 (new)
src/lib/kadm5/str_conv.c | 7 ++++---
1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/lib/kadm5/str_conv.c b/src/lib/kadm5/str_conv.c
index 7cf51d3..7982956 100644
--- a/src/lib/kadm5/str_conv.c
+++ b/src/lib/kadm5/str_conv.c
@@ -340,9 +340,10 @@ krb5_string_to_keysalts(const char *string, const char *tupleseps,
while ((ksp = strtok_r(p, tseps, &tlasts)) != NULL) {
/* Pass a null pointer to subsequent calls to strtok_r(). */
p = NULL;
- ret = string_to_keysalt(ksp, ksaltseps, &etype, &stype);
- if (ret)
- goto cleanup;
+
+ /* Discard unrecognized keysalts. */
+ if (string_to_keysalt(ksp, ksaltseps, &etype, &stype) != 0)
+ continue;
/* Ignore duplicate keysalts if caller asks. */
if (!dups && krb5_keysalt_is_present(ksalts, nksalts, etype, stype))
More information about the cvs-krb5
mailing list