don't call krb5_get_credentials() with

KRB5_TC_MATCH_KEYTYPE, it can lead to the credentials cache growing indefinitely as no key is found with KEYTYPE_NULL git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14583 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-02-21 08:44:25 +00:00
parent 0352c20280
commit 1d02386069
4 changed files with 16 additions and 4 deletions
--- a/lib/gssapi/ChangeLog
+++ b/lib/gssapi/ChangeLog
@@ -1,3 +1,9 @@
+2005-02-21  Luke Howard  <lukeh@padl.com>
+
+	* init_sec_context.c: don't call krb5_get_credentials() with
+	  KRB5_TC_MATCH_KEYTYPE, it can lead to the credentials cache
+	  growing indefinitely as no key is found with KEYTYPE_NULL
+
 2005-01-05  Luke Howard  <lukeh@padl.com>

 	* 8003.c: use symbolic name for checksum type
--- a/lib/gssapi/init_sec_context.c
+++ b/lib/gssapi/init_sec_context.c
@@ -293,10 +293,10 @@ init_auth
 	this_cred.times.endtime = ts + time_req;
    } else
 	this_cred.times.endtime   = 0;
-    this_cred.session.keytype = 0;
+    this_cred.session.keytype = KEYTYPE_NULL;

    kret = krb5_get_credentials (gssapi_krb5_context,
-				 KRB5_TC_MATCH_KEYTYPE,
+				 0,
 				 ccache,
 				 &this_cred,
 				 &cred);
--- a/lib/gssapi/krb5/ChangeLog
+++ b/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,9 @@
+2005-02-21  Luke Howard  <lukeh@padl.com>
+
+	* init_sec_context.c: don't call krb5_get_credentials() with
+	  KRB5_TC_MATCH_KEYTYPE, it can lead to the credentials cache
+	  growing indefinitely as no key is found with KEYTYPE_NULL
+
 2005-01-05  Luke Howard  <lukeh@padl.com>

 	* 8003.c: use symbolic name for checksum type
--- a/lib/gssapi/krb5/init_sec_context.c
+++ b/lib/gssapi/krb5/init_sec_context.c
@@ -293,10 +293,10 @@ init_auth
 	this_cred.times.endtime = ts + time_req;
    } else
 	this_cred.times.endtime   = 0;
-    this_cred.session.keytype = 0;
+    this_cred.session.keytype = KEYTYPE_NULL;

    kret = krb5_get_credentials (gssapi_krb5_context,
-				 KRB5_TC_MATCH_KEYTYPE,
+				 0,
 				 ccache,
 				 &this_cred,
 				 &cred);