diff --git a/lib/gssapi/ChangeLog b/lib/gssapi/ChangeLog index b94629e5d..580393d96 100644 --- a/lib/gssapi/ChangeLog +++ b/lib/gssapi/ChangeLog @@ -1,3 +1,9 @@ +2005-02-21 Luke Howard + + * init_sec_context.c: don't call krb5_get_credentials() with + KRB5_TC_MATCH_KEYTYPE, it can lead to the credentials cache + growing indefinitely as no key is found with KEYTYPE_NULL + 2005-01-05 Luke Howard * 8003.c: use symbolic name for checksum type diff --git a/lib/gssapi/init_sec_context.c b/lib/gssapi/init_sec_context.c index 9de6fa629..9302e4f6d 100644 --- a/lib/gssapi/init_sec_context.c +++ b/lib/gssapi/init_sec_context.c @@ -293,10 +293,10 @@ init_auth this_cred.times.endtime = ts + time_req; } else this_cred.times.endtime = 0; - this_cred.session.keytype = 0; + this_cred.session.keytype = KEYTYPE_NULL; kret = krb5_get_credentials (gssapi_krb5_context, - KRB5_TC_MATCH_KEYTYPE, + 0, ccache, &this_cred, &cred); diff --git a/lib/gssapi/krb5/ChangeLog b/lib/gssapi/krb5/ChangeLog index b94629e5d..580393d96 100644 --- a/lib/gssapi/krb5/ChangeLog +++ b/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,9 @@ +2005-02-21 Luke Howard + + * init_sec_context.c: don't call krb5_get_credentials() with + KRB5_TC_MATCH_KEYTYPE, it can lead to the credentials cache + growing indefinitely as no key is found with KEYTYPE_NULL + 2005-01-05 Luke Howard * 8003.c: use symbolic name for checksum type diff --git a/lib/gssapi/krb5/init_sec_context.c b/lib/gssapi/krb5/init_sec_context.c index 9de6fa629..9302e4f6d 100644 --- a/lib/gssapi/krb5/init_sec_context.c +++ b/lib/gssapi/krb5/init_sec_context.c @@ -293,10 +293,10 @@ init_auth this_cred.times.endtime = ts + time_req; } else this_cred.times.endtime = 0; - this_cred.session.keytype = 0; + this_cred.session.keytype = KEYTYPE_NULL; kret = krb5_get_credentials (gssapi_krb5_context, - KRB5_TC_MATCH_KEYTYPE, + 0, ccache, &this_cred, &cred);