From 152899f04f18c7e255f7ec67ae22326f93889a57 Mon Sep 17 00:00:00 2001
From: Tom Yu <tlyu@mit.edu>
Date: Sun, 6 Feb 2000 21:57:32 +0000
Subject: [PATCH] 	* login.c (main): Reorder some control flow to avoid
 security hole 	if KRB4_GET_TICKETS is not defined.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12001 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/appl/bsd/ChangeLog |  5 +++++
 src/appl/bsd/login.c   | 10 ++++------
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog
index dcf0d0436..e5b56a40a 100644
--- a/src/appl/bsd/ChangeLog
+++ b/src/appl/bsd/ChangeLog
@@ -1,3 +1,8 @@
+2000-02-04  Tom Yu  <tlyu@mit.edu>
+
+	* login.c (main): Reorder some control flow to avoid security hole
+	if KRB4_GET_TICKETS is not defined.
+
 2000-01-27  Ken Raeburn  <raeburn@mit.edu>
 
 	* krlogin.c (speeds): Added some comments from net recommending
diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c
index d9789a721..237cb4a7d 100644
--- a/src/appl/bsd/login.c
+++ b/src/appl/bsd/login.c
@@ -1455,11 +1455,10 @@ int main(argc, argv)
 #ifdef KRB5_GET_TICKETS
     if (login_krb5_get_tickets)
 	dofork();
-    else
 #endif
 #ifdef KRB4_GET_TICKETS
-	if (login_krb4_get_tickets)
-	    dofork();
+    else if (login_krb4_get_tickets)
+	dofork();
 #endif
 
 /* If the user's shell does not do job control we should put it in a
@@ -1587,11 +1586,10 @@ int main(argc, argv)
 #ifdef KRB5_GET_TICKETS
     if (forwarded_v5_tickets)
 	destroy_tickets();
-    else
 #endif
 #ifdef KRB4_GET_TICKETS
-	if (got_v4_tickets)
-	    destroy_tickets();
+    else if (got_v4_tickets)
+        destroy_tickets();
 #endif
 
 #ifdef OQUOTA
-- 
2.26.2