* kt_file.c (krb5_ktfile_get_entry): Check principal name prior to

	checking enctype.  Suggested by Wyllys Ingersoll.

ticket: 1229
status: open
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15470 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 13 insertions, 8 deletions

diff --git a/src/lib/krb5/keytab/ChangeLog b/src/lib/krb5/keytab/ChangeLog
index 87f76ed2f..a3c4f8c7a 100644
--- a/src/lib/krb5/keytab/ChangeLog
+++ b/src/lib/krb5/keytab/ChangeLog
@@ -1,3 +1,8 @@
+2003-05-22  Tom Yu  <tlyu@mit.edu>
+
+	* kt_file.c (krb5_ktfile_get_entry): Check principal name prior to
+	checking enctype.  Suggested by Wyllys Ingersoll.
+
 2003-05-19  Sam Hartman  <hartmans@mit.edu>
 
 	* ktbase.c: Register writable keytab by default
diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c
index 9b7b9ae8f..3175de751 100644
--- a/src/lib/krb5/keytab/kt_file.c
+++ b/src/lib/krb5/keytab/kt_file.c
@@ -258,6 +258,14 @@ krb5_ktfile_get_entry(krb5_context context, krb5_keytab id, krb5_const_principal
 	   and copy new_entry there, or free new_entry.  Otherwise, it
 	   leaks. */
 
+	/* if the principal isn't the one requested, free new_entry
+	   and continue to the next. */
+
+	if (!krb5_principal_compare(context, principal, new_entry.principal)) {
+	    krb5_kt_free_entry(context, &new_entry);
+	    continue;
+	}
+
 	/* if the enctype is not ignored and doesn't match, free new_entry
 	   and continue to the next */
 
@@ -281,14 +289,6 @@ krb5_ktfile_get_entry(krb5_context context, krb5_keytab id, krb5_const_principal
 
 	}
 
-	/* if the principal isn't the one requested, free new_entry
-	   and continue to the next. */
-
-	if (!krb5_principal_compare(context, principal, new_entry.principal)) {
-	    krb5_kt_free_entry(context, &new_entry);
-	    continue;
-	}
-
 	if (kvno == IGNORE_VNO) {
 	    /* if this is the first match, or if the new vno is
 	       bigger, free the current and keep the new.  Otherwise,