Skip Menu |
 

From: ghudson@mit.edu
Subject: SVN Commit

If krb5_server_decrypt_ticket_keytab doesn't find a key of the
appropriate enctype in an iterable keytab, it returns 0 (without
decrypting the ticket) due to a misplaced initialization of retval.
This bug causes kinit -k to claim "keytab entry valid" when it
shouldn't. Reported by mark@mproehl.net.

https://github.com/krb5/krb5/commit/b531f40581f6b871c08643a0e9ef11f632de0363
Commit By: ghudson
Revision: 25584
Changed Files:
U trunk/src/lib/krb5/krb/srv_dec_tkt.c
This bug applies to versions 1.8 through 1.10. It only affects the
operation of kvno -k, which is pretty obscure (it's not documented), so
I'm not sure what pullups are justified, but the fix is also minimal.
From: tlyu@mit.edu
Subject: SVN Commit

Pull up r25584 from trunk

------------------------------------------------------------------------
r25584 | ghudson | 2011-12-12 19:53:56 -0500 (Mon, 12 Dec 2011) | 9 lines

ticket: 7051
subject: krb5_server_decrypt_ticket_keytab wrongly succeeds

If krb5_server_decrypt_ticket_keytab doesn't find a key of the
appropriate enctype in an iterable keytab, it returns 0 (without
decrypting the ticket) due to a misplaced initialization of retval.
This bug causes kinit -k to claim "keytab entry valid" when it
shouldn't. Reported by mark@mproehl.net.

https://github.com/krb5/krb5/commit/54025e3dba7b9398b45232b27e68f8ccc54f7423
Commit By: tlyu
Revision: 25641
Changed Files:
U branches/krb5-1-10/src/lib/krb5/krb/srv_dec_tkt.c