From: Sarah Day <sarahday@mit.edu>
Date: Mon, 15 Aug 2016 20:11:31 +0000 (-0400)
Subject: Fix KDC to drop repeated in-progress requests
X-Git-Tag: krb5-1.13.7-final~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6b0085918a61e6dbe2a661ac46919bd90a5aa0ce;p=thirdparty%2Fkrb5.git

Fix KDC to drop repeated in-progress requests

When a KDC receives a repeated request while the original request is
still in progress, it is supposed to be to drop the request.  Commit
f07760088b72a11c54dd72efbc5739f231a4d4b0 introduced a bug in this
logic, causing the KDC to instead send an empty reply.  In
kdc_check_lookaside(), return a NULL reply_packet for empty entries,
restoring the expected behavior.

[ghudson@mit.edu: edited commit message, added a comment]

(cherry picked from commit 847fc7b3caa823c219c97cc307ccb8d7d519a20f)

ticket: 8477
version_fixed: 1.13.7
---

diff --git a/src/kdc/replay.c b/src/kdc/replay.c
index 3eee6e8d4f..05b51990b4 100644
--- a/src/kdc/replay.c
+++ b/src/kdc/replay.c
@@ -177,6 +177,11 @@ kdc_check_lookaside(krb5_context kcontext, krb5_data *req_packet,
 
     e->num_hits++;
     hits++;
+
+    /* Leave *reply_packet_out as NULL for an in-progress entry. */
+    if (e->reply_packet.length == 0)
+        return TRUE;
+
     return (krb5_copy_data(kcontext, &e->reply_packet,
                            reply_packet_out) == 0);
 }