From f227586b8033c986a67f1b73915f37b748217d22 Mon Sep 17 00:00:00 2001
From: Uri Simchoni <uri@samba.org>
Date: Sun, 8 May 2016 07:58:11 +0300
Subject: [PATCH] tgs_build_reply: fix signed-unsigned mismatch

A KVNO is unsigned and this is reflected in the internal
interfaces. However, for compatibility reasons its encoding
is signed and this creates a pointer mismatch when passing a
kvno pointer to _kdc_db_fetch.

Signed-off-by: Uri Simchoni <uri@samba.org>
---
 kdc/krb5tgs.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c
index 334ceb95d..6fddc830c 100644
--- a/kdc/krb5tgs.c
+++ b/kdc/krb5tgs.c
@@ -1572,6 +1572,8 @@ tgs_build_reply(krb5_context context,
 	hdb_entry_ex *uu;
 	krb5_principal p;
 	Key *uukey;
+	krb5uint32 second_kvno = 0;
+	krb5uint32 *kvno_ptr = NULL;
 
 	if(b->additional_tickets == NULL ||
 	   b->additional_tickets->len == 0){
@@ -1588,8 +1590,12 @@ tgs_build_reply(krb5_context context,
 	    goto out;
 	}
 	_krb5_principalname2krb5_principal(context, &p, t->sname, t->realm);
+	if(t->enc_part.kvno){
+	    second_kvno = *t->enc_part.kvno;
+	    kvno_ptr = &second_kvno;
+	}
 	ret = _kdc_db_fetch(context, config, p,
-			    HDB_F_GET_KRBTGT, t->enc_part.kvno,
+			    HDB_F_GET_KRBTGT, kvno_ptr,
 			    NULL, &uu);
 	krb5_free_principal(context, p);
 	if(ret){