From: Ken Raeburn <raeburn@mit.edu>
Date: Tue, 21 Sep 1999 23:02:41 +0000 (+0000)
Subject: Tom's patch:
X-Git-Tag: krb5-1.2-beta1~225
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=eabfd936255029d8826b91cad75ea84e0a179242;p=krb5.git

Tom's patch:
* do_tgs_req.c (process_tgs_req): Don't try to take the 2nd
component of a principal that doesn't have 2 components.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11839 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog
index 980faf7c0..298061e18 100644
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,8 @@
+1999-09-13  Tom Yu  <tlyu@mit.edu>
+
+	* do_tgs_req.c (process_tgs_req): Don't try to take the 2nd
+	component of a principal that doesn't have 2 components.
+
 1999-09-01  Ken Raeburn  <raeburn@mit.edu>
 
 	* kdc_util.c (select_session_keytype): If none of the requested
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index 7faf748da..db10ad77c 100644
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -167,15 +167,19 @@ tgt_again:
 	 * should do our best to find such a TGS in this db
 	 */
 	if (firstpass && krb5_is_tgs_principal(request->server) == TRUE) {
-	    krb5_data *server_1 = krb5_princ_component(kdc_context, request->server, 1);
-	    krb5_data *tgs_1 = krb5_princ_component(kdc_context, tgs_server, 1);
-
-	    if (server_1->length != tgs_1->length ||
-		memcmp(server_1->data, tgs_1->data, tgs_1->length)) {
-		krb5_db_free_principal(kdc_context, &server, nprincs);
-		find_alternate_tgs(request, &server, &more, &nprincs);
-		firstpass = 0;
-		goto tgt_again;
+	    if (krb5_princ_size(kdc_context, request->server) == 2) {
+		krb5_data *server_1 =
+		    krb5_princ_component(kdc_context, request->server, 1);
+		krb5_data *tgs_1 =
+		    krb5_princ_component(kdc_context, tgs_server, 1);
+
+		if (server_1->length != tgs_1->length ||
+		    memcmp(server_1->data, tgs_1->data, tgs_1->length)) {
+		    krb5_db_free_principal(kdc_context, &server, nprincs);
+		    find_alternate_tgs(request, &server, &more, &nprincs);
+		    firstpass = 0;
+		    goto tgt_again;
+		}
 	    }
 	}
 	krb5_db_free_principal(kdc_context, &server, nprincs);
@@ -707,6 +711,12 @@ int *nprincs;
     *nprincs = 0;
     *more = FALSE;
 
+    /*
+     * Call to krb5_princ_component is normally not safe but is so
+     * here only because find_alternate_tgs() is only called from
+     * somewhere that has already checked the number of components in
+     * the principal.
+     */
     if ((retval = krb5_walk_realm_tree(kdc_context, 
 		      krb5_princ_realm(kdc_context, request->server),
 		      krb5_princ_component(kdc_context, request->server, 1),