aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGreg Hudson <ghudson@mit.edu>2020-05-13 13:05:49 -0400
committerGreg Hudson <ghudson@mit.edu>2020-05-21 14:53:31 -0400
commit32f3659b836319112ed951371944ca50f19e9167 (patch)
treec4012a214b984c26b5657ff0744db00ad62151d9
parenta5d504e908836db10946145c245ffa2ccf428ca7 (diff)
downloadkrb5-32f3659b836319112ed951371944ca50f19e9167.zip
krb5-32f3659b836319112ed951371944ca50f19e9167.tar.gz
krb5-32f3659b836319112ed951371944ca50f19e9167.tar.bz2
Prevent use of invalid local TGT key
Commit 570967e11bd5ea60a82fc8157ad7d07602402ebb took a shortcut in get_local_tgt() by using the first key data entry in the TGT principal entry. This is usually correct, but if the first key data entry has an invalid enctype (such as a single-DES enctype), we can select a key we can't use. Call krb5_dbe_find_enctype() instead. Reported by Leonard Peirce. (cherry picked from commit d7ed635e822e13b89fef93463d1d132b1e03b78f) ticket: 8906 version_fixed: 1.18.2
Diffstat
-rw-r--r--src/kdc/kdc_util.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c
index e5898ea..ba0ce0b 100644
--- a/src/kdc/kdc_util.c
+++ b/src/kdc/kdc_util.c
@@ -564,6 +564,7 @@ get_local_tgt(krb5_context context, const krb5_data *realm,
krb5_error_code ret;
krb5_principal princ;
krb5_db_entry *storage = NULL, *tgt;
+ krb5_key_data *kd;
*alias_out = NULL;
*storage_out = NULL;
@@ -584,12 +585,11 @@ get_local_tgt(krb5_context context, const krb5_data *realm,
tgt = candidate;
}
- if (tgt->n_key_data == 0) {
- ret = KRB5_KDB_NO_MATCHING_KEY;
+ /* Find and decrypt the first valid key of the current kvno. */
+ ret = krb5_dbe_find_enctype(context, tgt, -1, -1, 0, &kd);
+ if (ret)
goto cleanup;
- }
- ret = krb5_dbe_decrypt_key_data(context, NULL, &tgt->key_data[0], key_out,
- NULL);
+ ret = krb5_dbe_decrypt_key_data(context, NULL, kd, key_out, NULL);
if (ret)
goto cleanup;
generated by cgit v1.1 at 2024-06-28 10:43:15 +0000