* login.c (main): Reorder some control flow to avoid security hole

	if KRB4_GET_TICKETS is not defined.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12001 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 9 insertions, 6 deletions

diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog
index dcf0d0436..e5b56a40a 100644
--- a/src/appl/bsd/ChangeLog
+++ b/src/appl/bsd/ChangeLog
@@ -1,3 +1,8 @@
+2000-02-04  Tom Yu  <tlyu@mit.edu>
+
+	* login.c (main): Reorder some control flow to avoid security hole
+	if KRB4_GET_TICKETS is not defined.
+
 2000-01-27  Ken Raeburn  <raeburn@mit.edu>
 
 	* krlogin.c (speeds): Added some comments from net recommending
diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c
index d9789a721..237cb4a7d 100644
--- a/src/appl/bsd/login.c
+++ b/src/appl/bsd/login.c
@@ -1455,11 +1455,10 @@ int main(argc, argv)
 #ifdef KRB5_GET_TICKETS
     if (login_krb5_get_tickets)
 	dofork();
-    else
 #endif
 #ifdef KRB4_GET_TICKETS
-	if (login_krb4_get_tickets)
-	    dofork();
+    else if (login_krb4_get_tickets)
+	dofork();
 #endif
 
 /* If the user's shell does not do job control we should put it in a
@@ -1587,11 +1586,10 @@ int main(argc, argv)
 #ifdef KRB5_GET_TICKETS
     if (forwarded_v5_tickets)
 	destroy_tickets();
-    else
 #endif
 #ifdef KRB4_GET_TICKETS
-	if (got_v4_tickets)
-	    destroy_tickets();
+    else if (got_v4_tickets)
+        destroy_tickets();
 #endif
 
 #ifdef OQUOTA