From 6b0085918a61e6dbe2a661ac46919bd90a5aa0ce Mon Sep 17 00:00:00 2001 From: Sarah Day Date: Mon, 15 Aug 2016 16:11:31 -0400 Subject: Fix KDC to drop repeated in-progress requests When a KDC receives a repeated request while the original request is still in progress, it is supposed to be to drop the request. Commit f07760088b72a11c54dd72efbc5739f231a4d4b0 introduced a bug in this logic, causing the KDC to instead send an empty reply. In kdc_check_lookaside(), return a NULL reply_packet for empty entries, restoring the expected behavior. [ghudson@mit.edu: edited commit message, added a comment] (cherry picked from commit 847fc7b3caa823c219c97cc307ccb8d7d519a20f) ticket: 8477 version_fixed: 1.13.7 --- src/kdc/replay.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/kdc/replay.c b/src/kdc/replay.c index 3eee6e8..05b5199 100644 --- a/src/kdc/replay.c +++ b/src/kdc/replay.c @@ -177,6 +177,11 @@ kdc_check_lookaside(krb5_context kcontext, krb5_data *req_packet, e->num_hits++; hits++; + + /* Leave *reply_packet_out as NULL for an in-progress entry. */ + if (e->reply_packet.length == 0) + return TRUE; + return (krb5_copy_data(kcontext, &e->reply_packet, reply_packet_out) == 0); } -- cgit v1.1