From 3a52ba6ed0630c86c6606196e3e06a10c5f68da6 Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Wed, 26 Dec 2018 16:02:44 -0500 Subject: [PATCH] lib/krb5: send_to_kdc KRB5KDC_ERR_SVC_UNAVAILABLE infinite loop #346 Prior to this change a KDC response of KRB5KDC_ERR_SVC_UNAVAILABLE would result in the client looping forever. Setting the action to KRB5_SENTO_CONTINUE repeats the current loop without altering the current state. Hence the infinite loop. As of this change, the action is set to KRB5_SENDTO_RESET which forces the current kdc's response to be cleared and then to retry. If KRB5KDC_ERR_SVC_UNAVAILABLE continues to be returned, the retry limit will be reached and the loop will end. This bug was filed by multiple sources including Samba and ScottUrban on github. Change-Id: If1611be0ada3422cefae89541ed3b3df1f6efe29 --- lib/krb5/send_to_kdc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/krb5/send_to_kdc.c b/lib/krb5/send_to_kdc.c index c92a5978a..cc77f46cf 100644 --- a/lib/krb5/send_to_kdc.c +++ b/lib/krb5/send_to_kdc.c @@ -281,7 +281,7 @@ _krb5_kdc_retry(krb5_context context, krb5_sendto_ctx ctx, void *data, break; } case KRB5KDC_ERR_SVC_UNAVAILABLE: - *action = KRB5_SENDTO_CONTINUE; + *action = KRB5_SENDTO_RESET; break; } return 0;