[krbdev.mit.edu #2234] kdc_util.c bug - validate_tgs_request clears all kdc_options

[Wyllys Ingersoll via RT]

The new code in kdc_util.c

    request->kdc_options &= ~(TGS_OPTIONS_HANDLED);

Actually causes clears the kdc_options field of all
handled options, which (in most cases) zeros the field.
This is probably not intended...  

To properly disable unrecognized flags, I think you need
to do something like this:

badflags = (request->kdc_options & ~(TGS_OPTIONS_HANDLED));
request->kdc_options &= ~badflags;

-Wyllys

-- 
Wyllys Ingersoll <wyllys.ingersoll at sun.com>