[1037] in Kerberos-V5-bugs
compare logic in krb5_ktfile_get_entry
daemon@ATHENA.MIT.EDU (Jim Miller)
Thu Jan 5 14:59:43 1995
From: jim@bilbo.suite.com (Jim Miller)
Date: Thu, 5 Jan 95 13:59:27 -0600
To: krb5-bugs@MIT.EDU
Reply-To: Jim_Miller@suite.com
This bug report is for KRB5, beta 4, patchlevel 3.
The logic in "krb5_ktfile_get_entry" for determining if the search has
located the requested entry doesn't seem to use "kvno" correctly. Here's
the code:
while (TRUE) {
.
.
if (krb5_principal_compare(principal, new_entry.principal)) {
if (kvno == IGNORE_VNO) {
if (cur_entry.vno < new_entry.vno) {
krb5_kt_free_entry(&cur_entry);
cur_entry = new_entry;
}
} else {
cur_entry = new_entry; <- *** doesn't test for
break; matching kvno
}
} else {
krb5_kt_free_entry(&new_entry);
}
}
I expected it to look something like:
while (TRUE) {
.
.
if (krb5_principal_compare(principal, new_entry.principal)) {
if (kvno == IGNORE_VNO) {
/* get the highest vno */ <- ***
if (cur_entry.vno < new_entry.vno) {
krb5_kt_free_entry(&cur_entry);
cur_entry = new_entry;
continue; <- ***
}
} else if (new_entry.vno == kvno) { <- ***
/* this is the vno we want */ <- ***
krb5_kt_free_entry(&cur_entry); <- ***
cur_entry = new_entry;
break;
}
}
/* principal didn't match or wrong vno */ <- ***
krb5_kt_free_entry(&new_entry);
}
Jim_Miller@suite.com
