>Submitter-Id: net >Originator: Mike Roszkowski >Organization: University of Wisconsin-Madison >Confidential: no >Synopsis: has_mandatory_for_kdc_authdata checks only first authdata element >Severity: non-critical >Priority: low >Category: krb5-kdc >Class: sw-bug >Release: 1.8.2 >Environment: System: Linux sugar.doit.wisc.edu 2.6.18-194.3.1.el5 #1 SMP Sun May 2 04:17:42 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux Architecture: x86_64 >Description: I was trying to debug a kdc crash and was looking at kdc_authdata.c and found what looks to be a typo in has_mandatory_for_kdc_authdata: 1 if (authdata != NULL) { 2 for (i = 0; authdata[i] != NULL; i++) { 3 if (authdata[0]->ad_type == KRB5_AUTHDATA_MANDATORY_FOR_KDC) { 4 ret = TRUE; 5 break; 6 } 7 } 8 } In the line marked "3" above, only authdata[0] is being checked. I think the intention was to check all the authdata elements, so it should be authdata[i]. >How-To-Repeat: >Fix: