etype info handling infinite loop

If a request contains no des-cbc-crc enctype bumt des-cbc-crc or
des-cbc-md5 existis in the database then an infinite loop is created.
Fix etype info handling to avoid this.

ticket: new
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15332 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog
index 11bd82825b3253c78c608a0e6cffa3c053af253c..6fe495d341914d327e86ed9a3e58346b19996e72 100644 (file)
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,8 @@
+2003-04-02  Sam Hartman  <hartmans@mit.edu>
+
+       * kdc_preauth.c (get_etype_info): Avoid infinite loop if request
+       does not contain des-cbc-crc and database does 
+
 2003-04-01  Nalin Dahyabhai  <nalin@redhat.com>
 
        * do_tgs_req.c (process_tgs_req): Check that principal name

diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index f5c1e121ab9941b601714c76aa4c46d97e0ce539..87b0358d7d3f07f3e4caa1ceb3c832076790925c 100644 (file)
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -568,8 +568,10 @@ get_etype_info(krb5_context context, krb5_kdc_req *request,
        while (1) {
            if (!request_contains_enctype(context,
                                          request, db_etype)) {
-               if (db_etype == ENCTYPE_DES_CBC_CRC)
-                    continue;
+             if (db_etype == ENCTYPE_DES_CBC_CRC) {
+                 db_etype = ENCTYPE_DES_CBC_MD5;
+                 continue;
+             }
                 else break;
             }