diff options
author | Sarah Day <sarahday@mit.edu> | 2016-08-15 16:11:31 -0400 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2016-09-02 18:30:32 -0400 |
commit | 6b0085918a61e6dbe2a661ac46919bd90a5aa0ce (patch) | |
tree | a86075ff6778c4b0c2d482072115d800444acc6b /src/kdc | |
parent | dbc0548cb76b5fc557c7aea70147c780321fae7f (diff) | |
download | krb5-6b0085918a61e6dbe2a661ac46919bd90a5aa0ce.zip krb5-6b0085918a61e6dbe2a661ac46919bd90a5aa0ce.tar.gz krb5-6b0085918a61e6dbe2a661ac46919bd90a5aa0ce.tar.bz2 |
Fix KDC to drop repeated in-progress requests
When a KDC receives a repeated request while the original request is
still in progress, it is supposed to be to drop the request. Commit
f07760088b72a11c54dd72efbc5739f231a4d4b0 introduced a bug in this
logic, causing the KDC to instead send an empty reply. In
kdc_check_lookaside(), return a NULL reply_packet for empty entries,
restoring the expected behavior.
[ghudson@mit.edu: edited commit message, added a comment]
(cherry picked from commit 847fc7b3caa823c219c97cc307ccb8d7d519a20f)
ticket: 8477
version_fixed: 1.13.7
Diffstat (limited to 'src/kdc')
-rw-r--r-- | src/kdc/replay.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/kdc/replay.c b/src/kdc/replay.c index 3eee6e8..05b5199 100644 --- a/src/kdc/replay.c +++ b/src/kdc/replay.c @@ -177,6 +177,11 @@ kdc_check_lookaside(krb5_context kcontext, krb5_data *req_packet, e->num_hits++; hits++; + + /* Leave *reply_packet_out as NULL for an in-progress entry. */ + if (e->reply_packet.length == 0) + return TRUE; + return (krb5_copy_data(kcontext, &e->reply_packet, reply_packet_out) == 0); } |