From: Sarah Day <sarahday@mit.edu>
Date: Mon, 15 Aug 2016 20:11:31 +0000 (-0400)
Subject: Fix KDC to drop repeated in-progress requests
X-Git-Tag: krb5-1.15-beta1~95
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=847fc7b3caa823c219c97cc307ccb8d7d519a20f;p=thirdparty%2Fkrb5.git

Fix KDC to drop repeated in-progress requests

When a KDC receives a repeated request while the original request is
still in progress, it is supposed to be to drop the request.  Commit
f07760088b72a11c54dd72efbc5739f231a4d4b0 introduced a bug in this
logic, causing the KDC to instead send an empty reply.  In
kdc_check_lookaside(), return a NULL reply_packet for empty entries,
restoring the expected behavior.

[ghudson@mit.edu: edited commit message, added a comment]

ticket: 8477 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup
---

diff --git a/src/kdc/replay.c b/src/kdc/replay.c
index 76fd772b03..2d93498d7a 100644
--- a/src/kdc/replay.c
+++ b/src/kdc/replay.c
@@ -177,6 +177,11 @@ kdc_check_lookaside(krb5_context kcontext, krb5_data *req_packet,
 
     e->num_hits++;
     hits++;
+
+    /* Leave *reply_packet_out as NULL for an in-progress entry. */
+    if (e->reply_packet.length == 0)
+        return TRUE;
+
     return (krb5_copy_data(kcontext, &e->reply_packet,
                            reply_packet_out) == 0);
 }