[krbdev.mit.edu #7922] Salt value is wastefully stored for non-default, non-special salt types
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Tue May 27 15:40:38 EDT 2014
diff --git a/src/lib/kdb/encrypt_key.c b/src/lib/kdb/encrypt_key.c
index 2ca4632..af20ae9 100644
--- a/src/lib/kdb/encrypt_key.c
+++ b/src/lib/kdb/encrypt_key.c
@@ -115,7 +115,10 @@ krb5_dbe_def_encrypt_key_data( krb5_context context,
if (keysalt->type > 0) {
key_data->key_data_ver++;
key_data->key_data_type[1] = keysalt->type;
- if ((key_data->key_data_length[1] = keysalt->data.length) != 0) {
+ /* We only need to store the value for SALTTYPE_SPECIAL; the other
+ * non-default salt types can be computed from the principal. */
+ if (keysalt->type == KRB5_KDB_SALTTYPE_SPECIAL &&
+ (key_data->key_data_length[1] = keysalt->data.length) != 0) {
key_data->key_data_contents[1] =
(krb5_octet *)malloc(keysalt->data.length);
if (key_data->key_data_contents[1] == NULL) {
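Review bot: In the new condition, the assignment to `key_data->key_data_length[1]` sits behind the `&&`, so for any non-special salt type it is never executed and the field keeps whatever value it had before. The hunk does not show whether the length and `key_data_contents[1]` are cleared earlier in krb5_dbe_def_encrypt_key_data, whose body starts and ends outside the hunk. If they are not, `key_data_ver` is bumped to cover a slot with a stale length and no matching buffer, which a later encoder or free path could read past. Setting the length unconditionally would avoid relying on that: `key_data->key_data_length[1] = (keysalt->type == KRB5_KDB_SALTTYPE_SPECIAL) ? keysalt->data.length : 0;` followed by `if (key_data->key_data_length[1] != 0) {`. It would also help to extend the comment to say that length 0 for a non-default type means "derive the salt from the principal", since readers of the stored record depend on that convention.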