Save a copy of the ciphertext from the kdc rather than trying to

decrypt the already decrypted text each time through the loop.

Ticket: 1554
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15551 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog
index f16f07c45ac13aab9714df1c1f8ef45f204196cd..d7215914124383f1a28797098b20d63689d1bfb8 100644 (file)
--- a/src/lib/krb4/ChangeLog
+++ b/src/lib/krb4/ChangeLog
@@ -1,3 +1,8 @@
+2003-06-03  Sam Hartman  <hartmans@mit.edu>
+
+       * g_in_tkt.c (krb_get_in_tkt_preauth_creds): Keep copy of
+       ciphertext while trying different keyprocs 
+
 2003-06-02  Tom Yu  <tlyu@mit.edu>
 
        * change_password.c (krb_change_password): Explicitly zero the

diff --git a/src/lib/krb4/g_in_tkt.c b/src/lib/krb4/g_in_tkt.c
index 4d5286a98ba981454033e6472952f77522b0a3d8..58a91b00df92591227a85bee218449f3773a2b93 100644 (file)
--- a/src/lib/krb4/g_in_tkt.c
+++ b/src/lib/krb4/g_in_tkt.c
@@ -424,6 +424,9 @@ krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life,
     /* Attempt to decrypt the reply.  Loop trying password_to_key algorithms 
        until we succeed or we get an error other than "bad password" */
     do {
+       KTEXT_ST cip_copy_st;
+       memcpy(&cip_copy_st, &cip_st, sizeof(cip_st));
+       cip = &cip_copy_st;
         if (decrypt_proc == NULL) {
             decrypt_tkt (user, instance, realm, arg, keyprocs[i], &cip);
         } else {
@@ -432,6 +435,7 @@ krb_get_in_tkt_preauth_creds(user, instance, realm, service, sinstance, life,
         kerror = krb_parse_in_tkt_creds(user, instance, realm,
                     service, sinstance, life, cip, byteorder, creds);
     } while ((keyprocs [++i] != NULL) && (kerror == INTK_BADPW));
+    cip = &cip_st;
 
     /* Fill in the local address if the caller wants it */
     if (laddrp != NULL) {