[1862] in Kerberos-V5-bugs
krb5_ktfile_get_entry does not check vno
daemon@ATHENA.MIT.EDU (michael shiplett)
Fri Apr 5 23:06:02 1996
To: krb5-bugs@MIT.EDU
From: michael shiplett <walrus@ans.net>
Date: Fri, 05 Apr 1996 23:05:43 -0500
Greetings,
In getting a k5 version of ksrvutil (logging into the kerberos server
for this seems silly), I've found a problem with
src/lib/krb5/keytab/file/ktf_g_ent.c---it does not check to see
whether the keytab entry's version number matches the caller specified
value. The only current vno check is whether to ignore vno completely.
I've appended the patch I'm using.
michael
===================================================================
RCS file: /usr/local/src/kerberos-5/src/lib/krb5/keytab/file/ktf_g_ent.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 ktf_g_ent.c
--- ktf_g_ent.c 1996/03/19 21:32:57 1.1.1.1
+++ ktf_g_ent.c 1996/04/06 04:02:01
@@ -61,14 +61,14 @@
if (cur_entry.vno < new_entry.vno) {
krb5_kt_free_entry(context, &cur_entry);
cur_entry = new_entry;
+ continue;
}
- } else {
+ } else if (kvno == new_entry.vno) {
cur_entry = new_entry;
break;
}
- } else {
- krb5_kt_free_entry(context, &new_entry);
}
+ krb5_kt_free_entry(context, &new_entry);
}
if (kerror == KRB5_KT_END)
kerror = cur_entry.principal ? 0 : KRB5_KT_NOTFOUND;
