From 1b03abb2508e8ec9ce1bbcf1ed3b31da8866dc63 Mon Sep 17 00:00:00 2001
From: Nicolas Williams <nico@cryptonector.com>
Date: Thu, 6 Oct 2011 00:55:54 -0500
Subject: [PATCH] This should be the final fix for enctype 0 issues (tested)

    But how to build an MIT KDB with enctype 0 keys for testing in
    Heimdal?  Hmmm...
---
 lib/hdb/hdb-mitdb.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/hdb/hdb-mitdb.c b/lib/hdb/hdb-mitdb.c
index 45f118ad0..4e8b4424b 100644
--- a/lib/hdb/hdb-mitdb.c
+++ b/lib/hdb/hdb-mitdb.c
@@ -237,8 +237,8 @@ mdb_keyvalue2key(krb5_context context, hdb_entry *entry, krb5_storage *sp, uint1
 	     * the key given its enctype, so we ignore this
 	     * 16-bit length-of-plaintext-key field.
 	     */
-	    krb5_storage_seek(sp, 2, SEEK_CUR); /* skip real length */
-	    if (u16 >= 2) {
+	    if (u16 > 2) {
+		krb5_storage_seek(sp, 2, SEEK_CUR); /* skip real length */
 		k->key.keyvalue.length = u16 - 2;   /* adjust cipher len */
 		k->key.keyvalue.data = malloc(k->key.keyvalue.length);
 		krb5_storage_read(sp, k->key.keyvalue.data,
@@ -246,7 +246,8 @@ mdb_keyvalue2key(krb5_context context, hdb_entry *entry, krb5_storage *sp, uint1
 	    } else {
 		/* We'll ignore this key; see our caller */
 		k->key.keyvalue.length = 0;
-		krb5_storage_seek(sp, u16, SEEK_CUR);
+		k->key.keyvalue.data = NULL;
+		krb5_storage_seek(sp, u16, SEEK_CUR); /* skip real length */
 	    }
 	} else if (i == 1) {
 	    /* This "version" means we have a salt */