lib/krb5: send_to_kdc KRB5KDC_ERR_SVC_UNAVAILABLE infinite loop #346

Prior to this change a KDC response of KRB5KDC_ERR_SVC_UNAVAILABLE
would result in the client looping forever.  Setting the action to
KRB5_SENTO_CONTINUE repeats the current loop without altering the
current state.  Hence the infinite loop.

As of this change, the action is set to KRB5_SENDTO_RESET which
forces the current kdc's response to be cleared and then to retry.
If KRB5KDC_ERR_SVC_UNAVAILABLE continues to be returned, the retry
limit will be reached and the loop will end.

This bug was filed by multiple sources including Samba and ScottUrban
on github.

Change-Id: If1611be0ada3422cefae89541ed3b3df1f6efe29
This commit is contained in:
Jeffrey Altman
2018-12-26 16:02:44 -05:00
committed by Jeffrey Altman
parent 60b25dd9c5
commit 3a52ba6ed0

View File

@@ -281,7 +281,7 @@ _krb5_kdc_retry(krb5_context context, krb5_sendto_ctx ctx, void *data,
break;
}
case KRB5KDC_ERR_SVC_UNAVAILABLE:
*action = KRB5_SENDTO_CONTINUE;
*action = KRB5_SENDTO_RESET;
break;
}
return 0;