From: Greg Hudson <ghudson@mit.edu>
Date: Thu, 13 Dec 2012 19:53:58 +0000 (-0500)
Subject: Use an empty challenge for the password question
X-Git-Tag: krb5-1.12-alpha1~419
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=70f2d9a093c71624269b2317c62ad0993126bc40;p=thirdparty%2Fkrb5.git

Use an empty challenge for the password question

If a question's challenge is NULL, it is unnecessarily difficult for a
responder callback to detect whether it was asked.  So it's better to
use an empty challenge when there is no challenge data to communicate.
Do this for the "password" question.

ticket: 7499 (new)
target_version: 1.11
tags: pullup
---

diff --git a/src/lib/krb5/krb/gic_pwd.c b/src/lib/krb5/krb/gic_pwd.c
index 8ffa342be6..30da8c9b36 100644
--- a/src/lib/krb5/krb/gic_pwd.c
+++ b/src/lib/krb5/krb/gic_pwd.c
@@ -36,7 +36,7 @@ krb5_get_as_key_password(krb5_context context,
 
         return k5_response_items_ask_question(ritems,
                                               KRB5_RESPONDER_QUESTION_PASSWORD,
-                                              NULL );
+                                              "");
     }
 
     /* If there's already a key of the correct etype, we're done.