Fix failure interval of 0 in LDAP lockout code
pull up r25480 from trunk, minus a non-applying manpage patch
------------------------------------------------------------------------
r25480 | ghudson | 2011-11-20 00:19:45 -0500 (Sun, 20 Nov 2011) | 13 lines
ticket: 7021
subject: Fix failure interval of 0 in LDAP lockout code
target_version: 1.10
tags: pullup
A failure count interval of 0 caused krb5_ldap_lockout_check_policy to
pass the lockout check (but didn't cause a reset of the failure count
in krb5_ldap_lockout_audit). It should be treated as forever, as in
the DB2 back end.
This bug is the previously unknown cause of the assertion failure
fixed in CVE-2011-1528.
ticket: 7041
version_fixed: 1.8.6
status: resolved
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@25514
dc483132-0cff-0310-8789-
dd5450dbe970
projects / krb5.git / commit