[krbdev.mit.edu #5840] Prevent kadm5_decrypt_key() from coercing the keytype if the requested ktype == -1

Kevin Coffman via RT rt-comment at krbdev.mit.edu
Fri Nov 9 16:17:04 EST 2007


FYI, this is a dup of RT#2059.

On Nov 9, 2007 3:48 PM, Jeffrey Altman via RT <rt-comment at krbdev.mit.edu> wrote:
> Tom Yu via RT wrote:
> >>>>>> "jaltman" == Jeffrey Altman via RT <rt-comment at krbdev.mit.edu> writes:
> >
> > jaltman> +    if (ktype == -1)
> > jaltman> +        keyblock->enctype = ktype;
> >
> > Isn't this backwards if you want -1 to mean the enctype doesn't get
> > coerced?
> >
> You are correct.  I manually copied the patch backward.  The problem
> with manually pulling patches by eyeballing them from other systems.
> Corrected patch:
>
> Index: svr_principal.c
>
> ===================================================================
>
> --- svr_principal.c     (revision 20163)
>
> +++ svr_principal.c     (working copy)
>
> @@ -2156,7 +2156,8 @@
>
>       * inexact match on the enctype; this behavior will go away when
>
>       * the key storage architecture gets redesigned for 1.3.
>
>       */
>
> -    keyblock->enctype = ktype;
>
> +    if (ktype != -1)
>
> +        keyblock->enctype = ktype;
>
>      if (kvnop)
>
>          *kvnop = key_data->key_data_kvno;
>
>
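
Review bot: the comment directly above the changed assignment still only describes the inexact enctype match and says nothing about the new special case, so `if (ktype != -1)` reads as an unexplained magic value. Please extend that comment to state that a caller passing ktype == -1 gets the keyblock back with its enctype left uncoerced. It is also worth confirming that the code above this hunk always sets keyblock->enctype to the stored key's enctype, because on the -1 path nothing in the visible lines writes that field.
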
> _______________________________________________
>
> krb5-bugs mailing list
> krb5-bugs at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krb5-bugs
>
>



