fix kadmind startup failure with krb4 vuln patch

	* keytab.c (krb5_ktkdb_get_entry): Do not perform the enctype
	comparison if the requested enctype is a wildcard.

ticket: new
status: open
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15295 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 15 insertions, 8 deletions

diff --git a/src/lib/kdb/ChangeLog b/src/lib/kdb/ChangeLog
index 4592b4c195..e461fdc273 100644
--- a/src/lib/kdb/ChangeLog
+++ b/src/lib/kdb/ChangeLog
@@ -1,3 +1,8 @@
+2003-03-18  Tom Yu  <tlyu@mit.edu>
+
+	* keytab.c (krb5_ktkdb_get_entry): Do not perform the enctype
+	comparison if the requested enctype is a wildcard.
+
 2003-03-16  Sam Hartman  <hartmans@mit.edu>
 
 	* keytab.c (krb5_ktkdb_get_entry):  Match only against the first
diff --git a/src/lib/kdb/keytab.c b/src/lib/kdb/keytab.c
index 6a1dea1524..90a81cac84 100644
--- a/src/lib/kdb/keytab.c
+++ b/src/lib/kdb/keytab.c
@@ -172,15 +172,17 @@ krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
     if (kerror)
 	goto error;
 
-    kerror = krb5_c_enctype_compare(context, enctype, entry->key.enctype, &similar);
-    if (kerror)
-	goto error;
-
-    if (!similar) {
-		kerror = KRB5_KDB_NO_PERMITTED_KEY;
-	goto error;
+    if (enctype > 0) {	
+	kerror = krb5_c_enctype_compare(context, enctype,
+					entry->key.enctype, &similar);
+	if (kerror)
+	    goto error;
+
+	if (!similar) {
+	    kerror = KRB5_KDB_NO_PERMITTED_KEY;
+	    goto error;
+	}
     }
-
     /*
      * Coerce the enctype of the output keyblock in case we got an
      * inexact match on the enctype.