Negative enctypes improperly read from ccaches
authorGreg Hudson <ghudson@mit.edu>
Thu, 13 May 2010 18:58:43 +0000 (18:58 +0000)
committerGreg Hudson <ghudson@mit.edu>
Thu, 13 May 2010 18:58:43 +0000 (18:58 +0000)
When reading enctypes from ccaches, we need to sign-extend the 16-bit
value we read in order to properly read negative enctypes.

ticket: 6723

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24021 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/ccache/cc_file.c

index 6af5afcd0ae1405a1276b8ab43e68040aaf4629d..0dce7686e3ffad983377f5852306eb048236bb36 100644 (file)
@@ -595,8 +595,9 @@ krb5_fcc_read_keyblock(krb5_context context, krb5_ccache id, krb5_keyblock *keyb
     keyblock->magic = KV5M_KEYBLOCK;
     keyblock->contents = 0;
 
+    /* Enctype is signed, so sign-extend the 16-bit value we read. */
     kret = krb5_fcc_read_ui_2(context, id, &ui2);
-    keyblock->enctype = ui2;
+    keyblock->enctype = (krb5_int16) ui2;
     CHECK(kret);
     if (data->version == KRB5_FCC_FVNO_3) {
         /* This works because the old etype is the same as the new enctype. */