From: Ben Kaduk <kaduk@mit.edu>
Date: Fri, 25 Oct 2013 18:00:29 +0000 (-0400)
Subject: Reset key-generation parameters for each enctype
X-Git-Tag: krb5-1.13-alpha1~338
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=381cf01afb13ad28de0927de37f8e1d12749bf49;p=thirdparty%2Fkrb5.git

Reset key-generation parameters for each enctype

In add_key_pwd, initialize s2k_params to NULL inside the loop over
enctypes instead of outside the loop, so that if the afs3 salt type
is used it does not contaminate later enctype/salt pairs in the list.

ticket: 7733
tags: pullup
target_version: 1.12
---

diff --git a/src/lib/kdb/kdb_cpw.c b/src/lib/kdb/kdb_cpw.c
index 7b00fcf5f3..5481553692 100644
--- a/src/lib/kdb/kdb_cpw.c
+++ b/src/lib/kdb/kdb_cpw.c
@@ -389,7 +389,7 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
     krb5_keysalt          key_salt;
     krb5_keyblock         key;
     krb5_data             pwd;
-    krb5_data             afs_params = string2data("\1"), *s2k_params = NULL;
+    krb5_data             afs_params = string2data("\1"), *s2k_params;
     int                   i, j, k;
     krb5_key_data         tmp_key_data;
     krb5_key_data        *tptr;
@@ -402,6 +402,7 @@ add_key_pwd(context, master_key, ks_tuple, ks_tuple_count, passwd,
         krb5_boolean similar;
 
         similar = 0;
+        s2k_params = NULL;
 
         /*
          * We could use krb5_keysalt_iterate to replace this loop, or use