[krbdev.mit.edu #5840] Prevent kadm5_decrypt_key() from coercing the keytype if the requested ktype == -1
Kevin Coffman via RT
rt-comment at krbdev.mit.edu
Fri Nov 9 16:17:03 EST 2007
FYI, this is a dup of RT#2059.
On Nov 9, 2007 3:48 PM, Jeffrey Altman via RT <rt-comment at krbdev.mit.edu> wrote:
> Tom Yu via RT wrote:
> >>>>>> "jaltman" == Jeffrey Altman via RT <rt-comment at krbdev.mit.edu> writes:
> >
> > jaltman> + if (ktype == -1)
> > jaltman> + keyblock->enctype = ktype;
> >
> > Isn't this backwards if you want -1 to mean the enctype doesn't get
> > coerced?
> >
> You are correct. I manually copied the patch backward. The problem
> with manually pulling patches by eyeballing them from other systems.
> Corrected patch:
>
> Index: svr_principal.c
>
> ===================================================================
>
> --- svr_principal.c (revision 20163)
>
> +++ svr_principal.c (working copy)
>
> @@ -2156,7 +2156,8 @@
>
> * inexact match on the enctype; this behavior will go away when
>
> * the key storage architecture gets redesigned for 1.3.
>
> */
>
> - keyblock->enctype = ktype;
>
> + if (ktype != -1)
>
> + keyblock->enctype = ktype;
>
> if (kvnop)
>
> *kvnop = key_data->key_data_kvno;
>
>
> _______________________________________________
>
> krb5-bugs mailing list
> krb5-bugs at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krb5-bugs
>
>
More information about the krb5-bugs
mailing list