From 2b112c9a0680bfe6d24d0fd51b050a94a62d3b8c Mon Sep 17 00:00:00 2001
From: Assar Westerlund <assar@sics.se>
Date: Fri, 19 Jan 2001 04:25:37 +0000
Subject: [PATCH] (krb5_rd_safe): handle no sequence number as zero when we
 were expecting a sequence number.  MIT krb5 cannot generate a sequence number
 of zero, instead generating no sequence number

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9483 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/rd_safe.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/lib/krb5/rd_safe.c b/lib/krb5/rd_safe.c
index cdbb6f1bf..cb2fecec4 100644
--- a/lib/krb5/rd_safe.c
+++ b/lib/krb5/rd_safe.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -146,10 +146,16 @@ krb5_rd_safe(krb5_context context,
   }
   /* XXX - check replay cache */
 
-  /* check sequence number */
+  /* check sequence number. since MIT krb5 cannot generate a sequence
+     number of zero but instead generates no sequence number, we accept that
+  */
+
   if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
-      if (safe.safe_body.seq_number == NULL ||
-	  *safe.safe_body.seq_number != auth_context->remote_seqnumber) {
+      if ((safe.safe_body.seq_number == NULL
+	   && auth_context->remote_seqnumber != 0)
+	  || (safe.safe_body.seq_number != NULL
+	      && *safe.safe_body.seq_number !=
+	      auth_context->remote_seqnumber)) {
 	  ret = KRB5KRB_AP_ERR_BADORDER;
 	  goto failure;
       }