Handle all-zero tags in file2 rcache type

In the unlikely case of an all-zero tag, rc_file2.c:store() could
mistake an empty record for a replay.  Check that records from the
file are non-empty (by checking that the timestamp is non-zero) before
comparing them to the tag.

ticket: 8786

diff --git a/src/lib/krb5/rcache/rc_file2.c b/src/lib/krb5/rcache/rc_file2.c
index 10f9a9281129108cf56cca0fbf16b7616b5170f8..3240776064bb2d15e78c531728398b2a4c0bbbfc 100644 (file)
--- a/src/lib/krb5/rcache/rc_file2.c
+++ b/src/lib/krb5/rcache/rc_file2.c
@@ -174,8 +174,8 @@ store(krb5_context context, int fd, const uint8_t tag[TAG_LEN], uint32_t now,
         if (ret)
             return ret;
 
-        if ((nread >= 1 && memcmp(r1tag, tag, TAG_LEN) == 0) ||
-            (nread == 2 && memcmp(r2tag, tag, TAG_LEN) == 0))
+        if ((nread >= 1 && r1stamp && memcmp(r1tag, tag, TAG_LEN) == 0) ||
+            (nread == 2 && r2stamp && memcmp(r2tag, tag, TAG_LEN) == 0))
             return KRB5KRB_AP_ERR_REPEAT;
 
         /* Make note of the first record available for writing (empty, beyond