diff options
| author | Ken Raeburn <raeburn@mit.edu> | 1999-09-21 23:02:41 +0000 |
|---|---|---|
| committer | Ken Raeburn <raeburn@mit.edu> | 1999-09-21 23:02:41 +0000 |
| commit | eabfd936255029d8826b91cad75ea84e0a179242 (patch) | |
| tree | 518bd0e7b28c206ab0a94e8f405aba9bb12fbfd0 /src/kdc/do_tgs_req.c | |
| parent | c7f20cf271feefb1df1173a7964a3a4d47b58598 (diff) | |
| download | krb5-eabfd936255029d8826b91cad75ea84e0a179242.tar.gz krb5-eabfd936255029d8826b91cad75ea84e0a179242.tar.xz krb5-eabfd936255029d8826b91cad75ea84e0a179242.zip | |
Tom's patch:
* do_tgs_req.c (process_tgs_req): Don't try to take the 2nd
component of a principal that doesn't have 2 components.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11839 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/kdc/do_tgs_req.c')
| -rw-r--r-- | src/kdc/do_tgs_req.c | 28 |
1 files changed, 19 insertions, 9 deletions
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index 7faf748da3..db10ad77c5 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -167,15 +167,19 @@ tgt_again: * should do our best to find such a TGS in this db */ if (firstpass && krb5_is_tgs_principal(request->server) == TRUE) { - krb5_data *server_1 = krb5_princ_component(kdc_context, request->server, 1); - krb5_data *tgs_1 = krb5_princ_component(kdc_context, tgs_server, 1); - - if (server_1->length != tgs_1->length || - memcmp(server_1->data, tgs_1->data, tgs_1->length)) { - krb5_db_free_principal(kdc_context, &server, nprincs); - find_alternate_tgs(request, &server, &more, &nprincs); - firstpass = 0; - goto tgt_again; + if (krb5_princ_size(kdc_context, request->server) == 2) { + krb5_data *server_1 = + krb5_princ_component(kdc_context, request->server, 1); + krb5_data *tgs_1 = + krb5_princ_component(kdc_context, tgs_server, 1); + + if (server_1->length != tgs_1->length || + memcmp(server_1->data, tgs_1->data, tgs_1->length)) { + krb5_db_free_principal(kdc_context, &server, nprincs); + find_alternate_tgs(request, &server, &more, &nprincs); + firstpass = 0; + goto tgt_again; + } } } krb5_db_free_principal(kdc_context, &server, nprincs); @@ -707,6 +711,12 @@ int *nprincs; *nprincs = 0; *more = FALSE; + /* + * Call to krb5_princ_component is normally not safe but is so + * here only because find_alternate_tgs() is only called from + * somewhere that has already checked the number of components in + * the principal. + */ if ((retval = krb5_walk_realm_tree(kdc_context, krb5_princ_realm(kdc_context, request->server), krb5_princ_component(kdc_context, request->server, 1), |