projects / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ac77dcb)
krb5_server_decrypt_ticket_keytab wrongly succeeds
authorGreg Hudson <ghudson@mit.edu>
Tue, 13 Dec 2011 00:53:56 +0000 (00:53 +0000)
committerGreg Hudson <ghudson@mit.edu>
Tue, 13 Dec 2011 00:53:56 +0000 (00:53 +0000)
If krb5_server_decrypt_ticket_keytab doesn't find a key of the
appropriate enctype in an iterable keytab, it returns 0 (without
decrypting the ticket) due to a misplaced initialization of retval.
This bug causes kinit -k to claim "keytab entry valid" when it
shouldn't.  Reported by mark@mproehl.net.

ticket: 7051

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25584 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/srv_dec_tkt.c patch | blob | history

diff --git a/src/lib/krb5/krb/srv_dec_tkt.c b/src/lib/krb5/krb/srv_dec_tkt.c
index 645bc75520b6b7310fbb0d195f3b07028527c8c9..094758ce202c0d3d6690158236d41e657f2a1686 100644 (file)
--- a/src/lib/krb5/krb/srv_dec_tkt.c
+++ b/src/lib/krb5/krb/srv_dec_tkt.c
@@ -79,8 +79,6 @@ krb5_server_decrypt_ticket_keytab(krb5_context context,
     krb5_error_code       retval;
     krb5_keytab_entry     ktent;
 
-    retval = KRB5_KT_NOTFOUND;
-
     if (keytab->ops->start_seq_get == NULL) {
         retval = krb5_kt_get_entry(context, keytab,
                                    ticket->server,
@@ -99,6 +97,7 @@ krb5_server_decrypt_ticket_keytab(krb5_context context,
         if (retval != 0)
             goto map_error;
 
+        retval = KRB5_KT_NOTFOUND;
         while ((code = krb5_kt_next_entry(context, keytab,
                                           &ktent, &cursor)) == 0) {
             if (ktent.key.enctype != ticket->enc_part.enctype)
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.