Fix KDC to drop repeated in-progress requests

When a KDC receives a repeated request while the original request is still in progress, it is supposed to be to drop the request. Commit f07760088b72a11c54dd72efbc5739f231a4d4b0 introduced a bug in this logic, causing the KDC to instead send an empty reply. In kdc_check_lookaside(), return a NULL reply_packet for empty entries, restoring the expected behavior. [ghudson@mit.edu: edited commit message, added a comment] (cherry picked from commit 847fc7b3caa823c219c97cc307ccb8d7d519a20f) ticket: 8477 version_fixed: 1.13.7
author: Sarah Day <sarahday@mit.edu> 2016-08-15 16:11:31 -0400
committer: Tom Yu <tlyu@mit.edu> 2016-09-02 18:30:32 -0400
commit: 6b0085918a61e6dbe2a661ac46919bd90a5aa0ce (patch)
tree: a86075ff6778c4b0c2d482072115d800444acc6b
parent: dbc0548cb76b5fc557c7aea70147c780321fae7f (diff)
download: krb5-6b0085918a61e6dbe2a661ac46919bd90a5aa0ce.zip
krb5-6b0085918a61e6dbe2a661ac46919bd90a5aa0ce.tar.gz
krb5-6b0085918a61e6dbe2a661ac46919bd90a5aa0ce.tar.bz2
1 files changed, 5 insertions, 0 deletions
diff --git a/src/kdc/replay.c b/src/kdc/replay.c
index 3eee6e8..05b5199 100644
--- a/src/kdc/replay.c
+++ b/src/kdc/replay.c
@@ -177,6 +177,11 @@ kdc_check_lookaside(krb5_context kcontext, krb5_data *req_packet,
 
     e->num_hits++;
     hits++;
+
+    /* Leave *reply_packet_out as NULL for an in-progress entry. */
+    if (e->reply_packet.length == 0)
+        return TRUE;
+
     return (krb5_copy_data(kcontext, &e->reply_packet,
                            reply_packet_out) == 0);
 }
author	Sarah Day <sarahday@mit.edu>	2016-08-15 16:11:31 -0400
committer	Tom Yu <tlyu@mit.edu>	2016-09-02 18:30:32 -0400
commit	6b0085918a61e6dbe2a661ac46919bd90a5aa0ce (patch)
tree	a86075ff6778c4b0c2d482072115d800444acc6b
parent	dbc0548cb76b5fc557c7aea70147c780321fae7f (diff)
download	krb5-6b0085918a61e6dbe2a661ac46919bd90a5aa0ce.zip krb5-6b0085918a61e6dbe2a661ac46919bd90a5aa0ce.tar.gz krb5-6b0085918a61e6dbe2a661ac46919bd90a5aa0ce.tar.bz2