From: Greg Hudson <ghudson@mit.edu>
Date: Thu, 9 Jul 2015 05:00:40 +0000 (-0400)
Subject: Fix kdcpreauth counting bug
X-Git-Tag: krb5-1.14-alpha1~74
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2c3c44ce0555110a919aff0902d143b7f00e26ef;p=thirdparty%2Fkrb5.git

Fix kdcpreauth counting bug

In kdc_preauth.c, commit be20a5f5cee8d6c4072d1b81712520dbf9f6eefd made
load_preauth_plugins() handle negative preauth type numbers.
get_plugin_vtables() also needs to handle negative preauth type
numbers, or it can return the wrong count and load_preauth_plugins()
can overflow the table.

ticket: 8200
---

diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index 34775f36ce..e121c5d42b 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -235,7 +235,7 @@ get_plugin_vtables(krb5_context context,
             n_tables++;
     }
     for (i = 0, n_systems = 0; i < n_tables; i++) {
-        for (count = 0; vtables[i].pa_type_list[count] > 0; count++);
+        for (count = 0; vtables[i].pa_type_list[count] != 0; count++);
         n_systems += count;
     }
     *vtables_out = vtables;