krb5_dbe_def_search_enctype and krb5int_parse_enctype_list were making
assumptions that enctype numbers are positive. Potentially more code
makes this assumption, but these appear to be the major ones.
ticket: 6592
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23454
dc483132-0cff-0310-8789-
dd5450dbe970
}
- if (ktype > 0) {
+ if (ktype != -1) {
if ((ret = krb5_c_enctype_compare(kcontext, (krb5_enctype) ktype,
dbentp->key_data[i].key_data_type[0],
&similar)))
return(ret);
}
- if (((ktype <= 0) || similar) &&
+ if (((ktype == -1) || similar) &&
((db_stype == stype) || (stype < 0))) {
if (kvno >= 0) {
if (kvno == dbentp->key_data[i].key_data_kvno) {
#include "../krb5_libinit.h"
#endif
-/* This must be the largest enctype value defined in krb5.h. */
+/* This must be the largest enctype value defined in krb5.h, plus the number of
+ * enctypes with negative numbers. */
#define MAX_ENCTYPE ENCTYPE_ARCFOUR_HMAC_EXP
/* The des-mdX entries are last for now, because it's easy to
{
unsigned int i;
- assert(etype > 0 && etype <= MAX_ENCTYPE);
+ assert(etype <= MAX_ENCTYPE);
if (!allow_weak && krb5int_c_weak_enctype(etype))
return;
for (i = 0; i < *count; i++) {
projects / krb5.git / commitdiff