From d41919bb06bc1fb66681383bd885dfd593779b9f Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Fri, 18 Dec 2009 13:17:45 -0500
Subject: Do not blindly accept zero-length passwords
---
 server/providers/krb5/krb5_auth.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'server/providers/krb5/krb5_auth.c')
diff --git a/server/providers/krb5/krb5_auth.c b/server/providers/krb5/krb5_auth.c
index 74981b19b..a124371ed 100644
--- a/server/providers/krb5/krb5_auth.c
+++ b/server/providers/krb5/krb5_auth.c
@@ -316,7 +316,7 @@ errno_t create_send_buffer(struct krb5child_req *kr, struct io_buffer **io_buf)
 return ENOMEM;
 }
- buf->size = 8*sizeof(uint32_t) + strlen(kr->pd->upn) + strlen(kr->ccname) +
+ buf->size = 9*sizeof(uint32_t) + strlen(kr->pd->upn) + strlen(kr->ccname) +
 strlen(keytab) + kr->pd->authtok_size;
 if (kr->pd->cmd == SSS_PAM_CHAUTHTOK) {
@@ -343,6 +343,9 @@ errno_t create_send_buffer(struct krb5child_req *kr, struct io_buffer **io_buf)
 ((uint32_t *)(&buf->data[rp]))[0] = validate;
 rp += sizeof(uint32_t);
+ ((uint32_t *)(&buf->data[rp]))[0] = kr->is_offline;
+ rp += sizeof(uint32_t);
+
 ((uint32_t *)(&buf->data[rp]))[0] = (uint32_t) strlen(kr->pd->upn);
 rp += sizeof(uint32_t);
-- cgit
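Review bot: The multiplier in `buf->size = 9*sizeof(uint32_t) + ...` is a hand-counted constant that has to equal the number of 32-bit fields written further down, and nothing in this hunk ties the two together. The second hunk adds one such write (`kr->is_offline`), so the bump from 8 to 9 is consistent here, but the next field added without touching this line would make the stores run past the space sized from `buf->size` (the allocation itself is outside the hunk). I would add a comment beside the multiplier naming each counted field in wire order, and, unless the function already has one after its last write, a check such as `if (rp != buf->size) return EINVAL;` before the buffer is handed back. create_send_buffer starts and ends outside this hunk.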
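Review bot: The new store `((uint32_t *)(&buf->data[rp]))[0] = kr->is_offline;` relies on an implicit conversion, while the neighbouring length store casts explicitly with `(uint32_t) strlen(kr->pd->upn)`, and the type of `is_offline` is not visible here. Writing `= kr->is_offline ? 1 : 0;` would pin the wire value to 0 or 1 whatever the member's type is. The flag is inserted in the middle of the message, so every later field moves by four bytes; the code that unpacks this buffer must read it at the same position, and that side is not shown because the page is limited to this file. The store also goes through a `uint32_t *` cast of `&buf->data[rp]`, as the existing lines do, which is only alignment-safe while every preceding field is four bytes wide; the earlier writes lie outside the hunk, so that is worth confirming.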