diff options
| author | Greg Hudson <ghudson@mit.edu> | 2017-02-24 13:41:53 -0500 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2017-02-27 12:31:41 -0500 |
| commit | eb54f32ec84f945f1857bc289ca7ea37524424bb (patch) | |
| tree | 2c6759c001a6ce6bd069cb11cc14bc0a2ee4fb3a | |
| parent | 55ad97d03c9581cf8c6a868e9151702e53071a62 (diff) | |
| download | krb5-eb54f32ec84f945f1857bc289ca7ea37524424bb.zip krb5-eb54f32ec84f945f1857bc289ca7ea37524424bb.tar.gz krb5-eb54f32ec84f945f1857bc289ca7ea37524424bb.tar.bz2 | |
Fix PKINIT two-component matching rule parsing
In pkinit_matching.c:parse_rule_set(), apply the default relation when
parsing the second component of a rule, not the third. Otherwise we
apply no default relation to two-component matching rules, effectively
reducing such rules to their second components. Reported by Sumit
Bose.
(cherry picked from commit 67ae7bbe1ea7032d1cb79682be3a14e7e13ec64f)
ticket: 8553
version_fixed: 1.15.1
| -rw-r--r-- | src/plugins/preauth/pkinit/pkinit_matching.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_matching.c b/src/plugins/preauth/pkinit/pkinit_matching.c index a3bf3f4..a50c50c 100644 --- a/src/plugins/preauth/pkinit/pkinit_matching.c +++ b/src/plugins/preauth/pkinit/pkinit_matching.c @@ -409,7 +409,7 @@ parse_rule_set(krb5_context context, } rs->num_crs = 0; while (remaining > 0) { - if (rs->relation == relation_none && rs->num_crs > 1) { + if (rs->relation == relation_none && rs->num_crs > 0) { pkiDebug("%s: Assuming AND relation for multiple components in rule '%s'\n", __FUNCTION__, rule_in); rs->relation = relation_and; |