From 99eb264df2d4b2c636d647633f9f4756d041a45c Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Wed, 11 Jan 2012 05:12:47 +0000 Subject: [PATCH] krb5_server_decrypt_ticket_keytab wrongly succeeds Pull up r25584 from trunk ------------------------------------------------------------------------ r25584 | ghudson | 2011-12-12 19:53:56 -0500 (Mon, 12 Dec 2011) | 9 lines ticket: 7051 subject: krb5_server_decrypt_ticket_keytab wrongly succeeds If krb5_server_decrypt_ticket_keytab doesn't find a key of the appropriate enctype in an iterable keytab, it returns 0 (without decrypting the ticket) due to a misplaced initialization of retval. This bug causes kinit -k to claim "keytab entry valid" when it shouldn't. Reported by mark@mproehl.net. ticket: 7070 version_fixed: 1.8.6 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-8@25643 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/srv_dec_tkt.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/lib/krb5/krb/srv_dec_tkt.c b/src/lib/krb5/krb/srv_dec_tkt.c index f266fa5e9..b8660feff 100644 --- a/src/lib/krb5/krb/srv_dec_tkt.c +++ b/src/lib/krb5/krb/srv_dec_tkt.c @@ -79,8 +79,6 @@ krb5_server_decrypt_ticket_keytab(krb5_context context, krb5_error_code retval; krb5_keytab_entry ktent; - retval = KRB5_KT_NOTFOUND; - if (keytab->ops->start_seq_get == NULL) { retval = krb5_kt_get_entry(context, keytab, ticket->server, @@ -99,6 +97,7 @@ krb5_server_decrypt_ticket_keytab(krb5_context context, if (retval != 0) goto map_error; + retval = KRB5_KT_NOTFOUND; while ((code = krb5_kt_next_entry(context, keytab, &ktent, &cursor)) == 0) { if (ktent.key.enctype != ticket->enc_part.enctype) -- 2.26.2
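Review bot: The added `retval = KRB5_KT_NOTFOUND;` ahead of the `while` loop in the second hunk is the entire fix, yet nothing on it says why it has to follow the `if (retval != 0) goto map_error;` check, so a later tidy-up could move it back up to the declarations and restore the fail-open return of 0 for a ticket that was never decrypted. I would put `/* Must follow the successful seq-get check: a scan that finds no key of the ticket's enctype has to fail closed. */` directly above it. After the first hunk `retval` has no initial value, which is safe only while every branch assigns it before `map_error`; the visible branches appear to, but the function body starts and ends outside both hunks. The diffstat lists only `srv_dec_tkt.c`, so a regression case using a keytab that holds no key of the ticket's enctype, and expecting a non-zero return, would be worth adding alongside.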