From: Volker Lendecke Date: Tue, 3 Feb 2026 17:34:44 +0000 (+0100) Subject: auth: Refactor check_pac_checksum to improve readability X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=271228384c4d6f015aa725af2e63b0aef1686ef0;p=thirdparty%2Fsamba.git auth: Refactor check_pac_checksum to improve readability Use ARRAY_SIZE over terminating array element. Easier to read for me. Signed-off-by: Volker Lendecke Reviewed-by: Anoop C S --- diff --git a/auth/kerberos/kerberos_pac.c b/auth/kerberos/kerberos_pac.c index 321c6cafb37..ef1c0fa484c 100644 --- a/auth/kerberos/kerberos_pac.c +++ b/auth/kerberos/kerberos_pac.c @@ -55,10 +55,10 @@ krb5_error_code check_pac_checksum(DATA_BLOB pac_data, /* RFC8009 types. Not supported by AD yet but used by FreeIPA and MIT Kerberos */ {CKSUMTYPE_HMAC_SHA256_128_AES128, ENCTYPE_AES128_CTS_HMAC_SHA256_128}, {CKSUMTYPE_HMAC_SHA384_192_AES256, ENCTYPE_AES256_CTS_HMAC_SHA384_192}, - {0, 0}, }; + size_t num_supported_types = ARRAY_SIZE(supported_types); - for(idx = 0; supported_types[idx].cksum_type != 0; idx++) { + for (idx = 0; idx < num_supported_types; idx++) { if (sig->type == supported_types[idx].cksum_type) { if (KRB5_KEY_TYPE(keyblock) != supported_types[idx].enc_type) { return EINVAL; @@ -70,7 +70,7 @@ krb5_error_code check_pac_checksum(DATA_BLOB pac_data, /* do not do key type check for HMAC-MD5 */ if ((sig->type != CKSUMTYPE_HMAC_MD5) && - (supported_types[idx].cksum_type == 0)) { + (idx == num_supported_types)) { DEBUG(2,("check_pac_checksum: Checksum Type %d is not supported\n", (int)sig->type)); return EINVAL;