krb5 commit: Fix conditional in kadm5_chpass_principal_3()
ghudson at mit.edu
ghudson at mit.edu
Tue Apr 22 15:10:40 EDT 2025
https://github.com/krb5/krb5/commit/42e2a33ada511bd1b52df71d763bf1156355d332
commit 42e2a33ada511bd1b52df71d763bf1156355d332
Author: Greg Hudson <ghudson at mit.edu>
Date: Wed Apr 9 20:22:15 2025 -0400
Fix conditional in kadm5_chpass_principal_3()
Ensure that kadm5_chpass_principal_3() does not reference pol or hist
when the principal has a policy reference but the policy does not
exist. (Both structures are zeroed in this case, so the resulting
checks are pointless but have defined and harmless behavior.)
src/lib/kadm5/srv/svr_principal.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 1557937f2..8f381882d 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -1304,9 +1304,7 @@ kadm5_chpass_principal_3(void *server_handle,
goto done;
kdb->pw_expiration = 0;
- if ((adb.aux_attributes & KADM5_POLICY)) {
- /* the policy was loaded before */
-
+ if (have_pol) {
ret = check_pw_reuse(handle->context, hist_keyblocks,
kdb->n_key_data, kdb->key_data,
1, &hist);
More information about the cvs-krb5
mailing list