From 911c99375741281adae305f6ec3a3317023eba3e Mon Sep 17 00:00:00 2001
From: Russ Allbery
Date: Wed, 21 Dec 2011 18:38:36 -0800
Subject: [PATCH] Fix reauthentication after password change in init_creds_password
When retrying authentication after a password change of an expired password, use the new password instead of the original one. Also, pass in the correct length for the new password buffer to change_password and zero the buffer that holds the new password on function exit.
Signed-off-by: Russ Allbery
Signed-off-by: Nicolas Williams
---
 lib/krb5/init_creds_pw.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/krb5/init_creds_pw.c b/lib/krb5/init_creds_pw.c
index e2d0f13bc..0cc866cd3 100644
--- a/lib/krb5/init_creds_pw.c
+++ b/lib/krb5/init_creds_pw.c
@@ -2456,7 +2456,7 @@ krb5_get_init_creds_password(krb5_context context,
 krb5_get_init_creds_opt *options)
 {
 krb5_init_creds_context ctx;
- char buf[BUFSIZ];
+ char buf[BUFSIZ], buf2[BUFSIZ];
 krb5_error_code ret;
 int chpw = 0;
@@ -2508,8 +2508,6 @@ krb5_get_init_creds_password(krb5_context context,
 if (ret == KRB5KDC_ERR_KEY_EXPIRED && chpw == 0) {
- char buf2[1024];
-
 /* try to avoid recursion */
 if (in_tkt_service != NULL && strcmp(in_tkt_service, "kadmin/changepw") == 0)
 goto out;
@@ -2522,12 +2520,13 @@ krb5_get_init_creds_password(krb5_context context,
 client,
 ctx->password,
 buf2,
- sizeof(buf),
+ sizeof(buf2),
 prompter,
 data,
 options);
 if (ret)
 goto out;
+ password = buf2;
 chpw = 1;
 krb5_init_creds_free(context, ctx);
 goto again;
@@ -2541,6 +2540,7 @@ krb5_get_init_creds_password(krb5_context context,
 krb5_init_creds_free(context, ctx);
 memset(buf, 0, sizeof(buf));
+ memset(buf2, 0, sizeof(buf2));
 return ret;
 }
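Review bot: Declaring `buf2[BUFSIZ]` in the first hunk ties the maximum length of the new password to a stdio tuning constant, where the removed block-scoped declaration was a fixed `char buf2[1024]`. BUFSIZ varies by platform and the C standard only guarantees 256, so on a libc where it is below 1024 the new-password buffer becomes smaller than before. A named constant for password buffers, used for both `buf` and `buf2`, would make the limit explicit and the same everywhere. The function body starts and ends outside this hunk.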
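Review bot: The added `password = buf2;` in the third hunk depends on two things the code does not say: that `buf2` stays valid across `goto again`, and that `change_password` leaves it NUL-terminated within `sizeof(buf2)`. The first is why the declaration moved to function scope; the second cannot be checked from this hunk, since `change_password` and the `again:` label are both outside it. I would add a comment above the assignment, for example `/* retry with the new password; buf2 is function-scoped so it survives the goto and is wiped at exit */`. It is also worth confirming that `change_password` always terminates the buffer, because the retry presumably reads it as a C string.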
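Review bot: The added `memset(buf2, 0, sizeof(buf2));` in the last hunk sits directly before `return ret;` on a local array, so an optimizing compiler may remove it as a dead store; the same holds for the existing `memset(buf, 0, sizeof(buf));` above it. Both wipes should go through a call the compiler cannot elide, such as the tree's own secure-zero helper if it has one, or `explicit_bzero(buf2, sizeof(buf2));` / `memset_s` where the platform provides them. The `out:` label is outside the hunk, so it is worth confirming that every `goto out` path reaches these lines, since `buf2` can hold the new password even when `change_password` or the retry fails.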