s4:kdc: Ensure we don’t increase the value of entry->etypes->len

The value of entry->etypes->len ought to be equal to that of
entry->keys.len, and so should be nonzero. But it’s safer not to rely on
that assumption.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index d7fe2f543470f04fc76b256d489c61fba5bc1575..e6aadaf35393d442c52bb32da331a3336ec6e278 100644 (file)
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -1665,7 +1665,7 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
                         */
                        entry->keys.len = 1;
                        if (entry->etypes != NULL) {
-                               entry->etypes->len = 1;
+                               entry->etypes->len = MIN(entry->etypes->len, 1);
                        }
                        entry->old_keys.len = MIN(entry->old_keys.len, 1);
                        entry->older_keys.len = MIN(entry->older_keys.len, 1);