Negative enctypes improperly read from keytabs
author Greg Hudson <ghudson@mit.edu>
Thu, 13 May 2010 17:34:33 +0000 (17:34 +0000)
committer Greg Hudson <ghudson@mit.edu>
Thu, 13 May 2010 17:34:33 +0000 (17:34 +0000)
When reading enctypes from keytabs, we need to ntohs() the 16-bit
value we read in before sign-extending it to a 32-bit value in the
keyblock, or we run the risk of extending the wrong sign.

ticket: 6720

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24016 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/keytab/kt_file.c

index 3583506a4d153af081105bbe1fbd9cc870ee4424..80070bcf5dfd300355ac36179f9230710a4d769f 100644 (file)
@@ -1362,10 +1362,9 @@ krb5_ktfileint_internal_read_entry(krb5_context context, krb5_keytab id, krb5_ke
         error = KRB5_KT_END;
         goto fail;
     }
-    ret_entry->key.enctype = (krb5_enctype)enctype;
-
     if (KTVERSION(id) != KRB5_KT_VNO_1)
-        ret_entry->key.enctype = ntohs(ret_entry->key.enctype);
+        enctype = ntohs(enctype);
+    ret_entry->key.enctype = (krb5_enctype)enctype;
 
     /* key contents */
     ret_entry->key.magic = KV5M_KEYBLOCK;
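
Review bot: at `enctype = ntohs(enctype);` the fix only works if the local `enctype` is a signed 16-bit type, and its declaration is outside this hunk, so the following `(krb5_enctype)enctype` cast is the one place that decides the sign. ntohs() returns an unsigned 16-bit value, so storing it back into `enctype` relies on an implicit conversion to the signed type. Consider casting the ntohs() result explicitly to the local's declared type, and adding a one-line comment above the swap stating that byte order must be corrected before widening, so a later cleanup does not move the assignment to `ret_entry->key.enctype` back above the `KTVERSION(id) != KRB5_KT_VNO_1` check. A regression test that reads back a keytab entry with a negative enctype would cover the case named in the commit message.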