[29563] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix KDC to drop repeated in-progress requests
daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Aug 16 10:59:49 2016
Date: Tue, 16 Aug 2016 10:59:44 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201608161459.u7GExiB0009172@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/847fc7b3caa823c219c97cc307ccb8d7d519a20f
commit 847fc7b3caa823c219c97cc307ccb8d7d519a20f
Author: Sarah Day <sarahday@mit.edu>
Date: Mon Aug 15 16:11:31 2016 -0400
Fix KDC to drop repeated in-progress requests
When a KDC receives a repeated request while the original request is
still in progress, it is supposed to be to drop the request. Commit
f07760088b72a11c54dd72efbc5739f231a4d4b0 introduced a bug in this
logic, causing the KDC to instead send an empty reply. In
kdc_check_lookaside(), return a NULL reply_packet for empty entries,
restoring the expected behavior.
[ghudson@mit.edu: edited commit message, added a comment]
ticket: 8477 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup
src/kdc/replay.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/src/kdc/replay.c b/src/kdc/replay.c
index 76fd772..2d93498 100644
--- a/src/kdc/replay.c
+++ b/src/kdc/replay.c
@@ -177,6 +177,11 @@ kdc_check_lookaside(krb5_context kcontext, krb5_data *req_packet,
e->num_hits++;
hits++;
+
+ /* Leave *reply_packet_out as NULL for an in-progress entry. */
+ if (e->reply_packet.length == 0)
+ return TRUE;
+
return (krb5_copy_data(kcontext, &e->reply_packet,
reply_packet_out) == 0);
}
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
