Tom's patch:
authorKen Raeburn <raeburn@mit.edu>
Tue, 21 Sep 1999 23:02:41 +0000 (23:02 +0000)
committerKen Raeburn <raeburn@mit.edu>
Tue, 21 Sep 1999 23:02:41 +0000 (23:02 +0000)
* do_tgs_req.c (process_tgs_req): Don't try to take the 2nd
component of a principal that doesn't have 2 components.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11839 dc483132-0cff-0310-8789-dd5450dbe970

src/kdc/ChangeLog
src/kdc/do_tgs_req.c

index 980faf7c01885e5198f6d3026ad6e330686961f0..298061e18ffe0a6cb236eb25c217c9570cd547f4 100644 (file)
@@ -1,3 +1,8 @@
+1999-09-13  Tom Yu  <tlyu@mit.edu>
+
+       * do_tgs_req.c (process_tgs_req): Don't try to take the 2nd
+       component of a principal that doesn't have 2 components.
+
 1999-09-01  Ken Raeburn  <raeburn@mit.edu>
 
        * kdc_util.c (select_session_keytype): If none of the requested
index 7faf748da3a5c717c570334ccb50c584e71b4433..db10ad77c5c9044fcc5ca0d7a1a300cd6bd89085 100644 (file)
@@ -167,15 +167,19 @@ tgt_again:
         * should do our best to find such a TGS in this db
         */
        if (firstpass && krb5_is_tgs_principal(request->server) == TRUE) {
-           krb5_data *server_1 = krb5_princ_component(kdc_context, request->server, 1);
-           krb5_data *tgs_1 = krb5_princ_component(kdc_context, tgs_server, 1);
-
-           if (server_1->length != tgs_1->length ||
-               memcmp(server_1->data, tgs_1->data, tgs_1->length)) {
-               krb5_db_free_principal(kdc_context, &server, nprincs);
-               find_alternate_tgs(request, &server, &more, &nprincs);
-               firstpass = 0;
-               goto tgt_again;
+           if (krb5_princ_size(kdc_context, request->server) == 2) {
+               krb5_data *server_1 =
+                   krb5_princ_component(kdc_context, request->server, 1);
+               krb5_data *tgs_1 =
+                   krb5_princ_component(kdc_context, tgs_server, 1);
+
+               if (server_1->length != tgs_1->length ||
+                   memcmp(server_1->data, tgs_1->data, tgs_1->length)) {
+                   krb5_db_free_principal(kdc_context, &server, nprincs);
+                   find_alternate_tgs(request, &server, &more, &nprincs);
+                   firstpass = 0;
+                   goto tgt_again;
+               }
            }
        }
        krb5_db_free_principal(kdc_context, &server, nprincs);
@@ -707,6 +711,12 @@ int *nprincs;
     *nprincs = 0;
     *more = FALSE;
 
+    /*
+     * Call to krb5_princ_component is normally not safe but is so
+     * here only because find_alternate_tgs() is only called from
+     * somewhere that has already checked the number of components in
+     * the principal.
+     */
     if ((retval = krb5_walk_realm_tree(kdc_context, 
                      krb5_princ_realm(kdc_context, request->server),
                      krb5_princ_component(kdc_context, request->server, 1),