9f6baf00f6
The function, found in lib/krb5/mit_glue.c, is currently using krb5_generate_random_keyblock(). This compiles because warning-level is not high enough, but does not work. At runtime the krb5_generate_random_keyblock() interprets the second argument as the krb5_enctype (rather than a length of anything) and tries to verify it. When the length does not match any known enctype, as usually happens, the function fails and returns an error. If the length happened to correspond to an enctype, the function would likely crash due to misinterpreting its third argument as a valid krb5_keyblock. The change uses krb5_generate_random_block() instead. This function does not return anything -- upon detecting failure it will cause the entire application to exist instead... Change-Id: I865a360037a513ce91abc7abba1dc554f844b464
11 KiB
11 KiB