author | Greg Hudson <ghudson@mit.edu> | 2017-02-24 13:41:53 -0500 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2017-02-27 12:16:38 -0500 |
commit | 67ae7bbe1ea7032d1cb79682be3a14e7e13ec64f (patch) | |
tree | 5a5ed748c2ba428ad69a473f7a9b46bcf9a296c4 /src | |
parent | 748beda1e36d76bed8b06b272ecb72988eede94b (diff) | |
Fix PKINIT two-component matching rule parsing
In pkinit_matching.c:parse_rule_set(), apply the default relation when
parsing the second component of a rule, not the third. Otherwise we
apply no default relation to two-component matching rules, effectively
reducing such rules to their second components. Reported by Sumit
Bose.
ticket: 8553 (new)
target_version: 1.15-next
target_version: 1.14-next
tags: pullup
Diffstat (limited to 'src')
-rw-r--r-- | src/plugins/preauth/pkinit/pkinit_matching.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/plugins/preauth/pkinit/pkinit_matching.c b/src/plugins/preauth/pkinit/pkinit_matching.c index a3bf3f4..a50c50c 100644 --- a/src/plugins/preauth/pkinit/pkinit_matching.c +++ b/src/plugins/preauth/pkinit/pkinit_matching.c @@ -409,7 +409,7 @@ parse_rule_set(krb5_context context, } rs->num_crs = 0; while (remaining > 0) { - if (rs->relation == relation_none && rs->num_crs > 1) { + if (rs->relation == relation_none && rs->num_crs > 0) { pkiDebug("%s: Assuming AND relation for multiple components in rule '%s'\n", __FUNCTION__, rule_in); rs->relation = relation_and; |
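Review bot: the corrected boundary `rs->num_crs > 0` in parse_rule_set() comes with no regression test; the diffstat shows only pkinit_matching.c changed. The commit message says two-component rules with no explicit relation were effectively reduced to their second component, which for a certificate matching rule means a weaker match than the administrator wrote, so a test that parses a two-component rule without a relation and checks that rs->relation ends up as relation_and, with both components applied, would keep this off-by-one from coming back. A one-line comment above the condition saying that num_crs counts the components already parsed at that point (so `> 0` means the second component is about to be parsed) would also make the boundary clear to the next reader.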