Avoid infinite loop on duplicate keysalts

When duplicate suppression was requested, we would enter an
infinite loop upon encountering a duplicate entry, a bug
introduced in commit 0918990bf1d8560d74473fc0e41d08d433da1a15
and thus present in release 1.13.

Rework the conditional to avoid the loop, at the expense of
additional indentation for some of the code.

Ticket: 8038
tags: pullup
target_version: 1.13.1

1 files changed, 10 insertions, 11 deletions

diff --git a/src/lib/kadm5/str_conv.c b/src/lib/kadm5/str_conv.c
index 216b580bd..c28a1e932 100644
--- a/src/lib/kadm5/str_conv.c
+++ b/src/lib/kadm5/str_conv.c
@@ -300,18 +300,17 @@ krb5_string_to_keysalts(const char *string, const char *tupleseps,
             goto cleanup;
 
         /* Ignore duplicate keysalts if caller asks. */
-        if (!dups && krb5_keysalt_is_present(ksalts, nksalts, etype, stype))
-            continue;
-
-        ksalts_new = realloc(ksalts, (nksalts + 1) * sizeof(*ksalts));
-        if (ksalts_new == NULL) {
-            ret = ENOMEM;
-            goto cleanup;
+        if (dups || !krb5_keysalt_is_present(ksalts, nksalts, etype, stype)) {
+            ksalts_new = realloc(ksalts, (nksalts + 1) * sizeof(*ksalts));
+            if (ksalts_new == NULL) {
+                ret = ENOMEM;
+                goto cleanup;
+            }
+            ksalts = ksalts_new;
+            ksalts[nksalts].ks_enctype = etype;
+            ksalts[nksalts].ks_salttype = stype;
+            nksalts++;
         }
-        ksalts = ksalts_new;
-        ksalts[nksalts].ks_enctype = etype;
-        ksalts[nksalts].ks_salttype = stype;
-        nksalts++;
         ksp = strtok_r(NULL, tseps, &tlasts);
     }
     *ksaltp = ksalts;