etype info handling infinite loop

If a request contains no des-cbc-crc enctype bumt des-cbc-crc or
des-cbc-md5 existis in the database then an infinite loop is created.
Fix etype info handling to avoid this.

ticket: new
Tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15332 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 9 insertions, 2 deletions

diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog
index 11bd82825b..6fe495d341 100644
--- a/src/kdc/ChangeLog
+++ b/src/kdc/ChangeLog
@@ -1,3 +1,8 @@
+2003-04-02  Sam Hartman  <hartmans@mit.edu>
+
+	* kdc_preauth.c (get_etype_info): Avoid infinite loop if request
+	does not contain des-cbc-crc and database does 
+
 2003-04-01  Nalin Dahyabhai  <nalin@redhat.com>
 
 	* do_tgs_req.c (process_tgs_req): Check that principal name
diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index f5c1e121ab..87b0358d7d 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -568,8 +568,10 @@ get_etype_info(krb5_context context, krb5_kdc_req *request,
 	while (1) {
 	    if (!request_contains_enctype(context,
 					  request, db_etype)) {
-		if (db_etype == ENCTYPE_DES_CBC_CRC)
-                    continue;
+	      if (db_etype == ENCTYPE_DES_CBC_CRC) {
+		  db_etype = ENCTYPE_DES_CBC_MD5;
+		  continue;
+	      }
                 else break;
             }