[31421] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix conditional in kadm5_chpass_principal_3()
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Tue Apr 22 15:10:44 2025
From: ghudson@mit.edu
To: cvs-krb5@mit.edu
Message-Id: <20250422191040.B216A102D28@krbdev.mit.edu>
Date: Tue, 22 Apr 2025 15:10:40 -0400 (EDT)
Reply-To: krbdev@mit.edu
https://github.com/krb5/krb5/commit/42e2a33ada511bd1b52df71d763bf1156355d332

commit 42e2a33ada511bd1b52df71d763bf1156355d332
Author: Greg Hudson <ghudson@mit.edu>
Date: Wed Apr 9 20:22:15 2025 -0400

Fix conditional in kadm5_chpass_principal_3()

Ensure that kadm5_chpass_principal_3() does not reference pol or hist
when the principal has a policy reference but the policy does not
exist. (Both structures are zeroed in this case, so the resulting
checks are pointless but have defined and harmless behavior.)

src/lib/kadm5/srv/svr_principal.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c
index 1557937f2..8f381882d 100644
--- a/src/lib/kadm5/srv/svr_principal.c
+++ b/src/lib/kadm5/srv/svr_principal.c
@@ -1304,9 +1304,7 @@ kadm5_chpass_principal_3(void *server_handle,
goto done;
kdb->pw_expiration = 0;
- if ((adb.aux_attributes & KADM5_POLICY)) {
- /* the policy was loaded before */
-
+ if (have_pol) {
ret = check_pw_reuse(handle->context, hist_keyblocks,
kdb->n_key_data, kdb->key_data,
1, &hist);
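
Review bot: The new `if (have_pol)` line removes the only comment on this branch ("the policy was loaded before") without a replacement; a one-line comment saying that have_pol is false when the principal names a policy that does not exist would keep the reason for guarding check_pw_reuse() on have_pol, rather than on adb.aux_attributes & KADM5_POLICY, visible at the call site. The assignment of have_pol is outside this hunk, so confirm that it is initialized on every path that reaches this point and is set only after the policy lookup succeeds, since &hist is passed to check_pw_reuse() inside the guarded block. A regression test that changes the password of a principal whose policy reference is dangling would pin the intended behaviour.
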