MEMORY keytab krb5_kt_get_entry sets enctype to 0 if unspecified

If one invokes krb5_kt_get_entry() for a memory keytab w/ an unspecified
enctype (i.e. 0) - the returned keytab has it's enctype set to 0 as well.

Also - in copying out the found keytab_entry - when a kvno is unspecified,
the last match found is used  - not the one with the highest vno.
This was caused by copying out the variable "entry" and not "match".

Ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19141 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/keytab/kt_memory.c b/src/lib/krb5/keytab/kt_memory.c
index 7e055b737633033c7c782e72f12ffbfc71e0d158..044cb1f3bee35835a81b08c72936107a974e0fe6 100644 (file)
--- a/src/lib/krb5/keytab/kt_memory.c
+++ b/src/lib/krb5/keytab/kt_memory.c
@@ -401,13 +401,12 @@ krb5_mkt_get_entry(krb5_context context, krb5_keytab id,
     for (cursor = KTLINK(id); cursor && cursor->entry; cursor = cursor->next) {\r
        entry = cursor->entry;\r
 \r
-       /* if the principal isn't the one requested, free new_entry\r
-          and continue to the next. */\r
+       /* if the principal isn't the one requested, continue to the next. */\r
 \r
        if (!krb5_principal_compare(context, principal, entry->principal))\r
            continue;\r
 \r
-       /* if the enctype is not ignored and doesn't match, free new_entry\r
+       /* if the enctype is not ignored and doesn't match, \r
           and continue to the next */\r
        if (enctype != IGNORE_ENCTYPE) {\r
            if ((err = krb5_c_enctype_compare(context, enctype, \r
@@ -438,20 +437,21 @@ krb5_mkt_get_entry(krb5_context context, krb5_keytab id,
 \r
     /* if we found an entry that matches, ... */\r
     if (match) { \r
-       out_entry->magic = entry->magic;\r
-       out_entry->timestamp = entry->timestamp;\r
-       out_entry->vno = entry->vno;\r
-       out_entry->key = entry->key; \r
-       err = krb5_copy_keyblock_contents(context, &(entry->key),\r
+       out_entry->magic = match->magic;\r
+       out_entry->timestamp = match->timestamp;\r
+       out_entry->vno = match->vno;\r
+       out_entry->key = match->key; \r
+       err = krb5_copy_keyblock_contents(context, &(match->key),\r
                                          &(out_entry->key));\r
        /*\r
         * Coerce the enctype of the output keyblock in case we\r
         * got an inexact match on the enctype.\r
         */\r
-       out_entry->key.enctype = enctype;\r
+       if(enctype != IGNORE_ENCTYPE)\r
+               out_entry->key.enctype = enctype;\r
        if(!err) {\r
                err = krb5_copy_principal(context, \r
-                                         entry->principal, \r
+                                         match->principal, \r
                                          &(out_entry->principal));\r
        }\r
     } else {\r