From: Ben Kaduk <kaduk@mit.edu>
Date: Thu, 20 Nov 2014 20:44:04 +0000 (-0500)
Subject: Avoid infinite loop on duplicate keysalts
X-Git-Tag: krb5-1.14-alpha1~204
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c828e7cb137de3559f026dcc552a52162d9ca5cd;p=thirdparty%2Fkrb5.git

Avoid infinite loop on duplicate keysalts

When duplicate suppression was requested, we would enter an
infinite loop upon encountering a duplicate entry, a bug
introduced in commit 0918990bf1d8560d74473fc0e41d08d433da1a15
and thus present in release 1.13.

Rework the conditional to avoid the loop, at the expense of
additional indentation for some of the code.

Ticket: 8038
tags: pullup
target_version: 1.13.1
---

diff --git a/src/lib/kadm5/str_conv.c b/src/lib/kadm5/str_conv.c
index 216b580bd8..c28a1e9324 100644
--- a/src/lib/kadm5/str_conv.c
+++ b/src/lib/kadm5/str_conv.c
@@ -300,18 +300,17 @@ krb5_string_to_keysalts(const char *string, const char *tupleseps,
             goto cleanup;
 
         /* Ignore duplicate keysalts if caller asks. */
-        if (!dups && krb5_keysalt_is_present(ksalts, nksalts, etype, stype))
-            continue;
-
-        ksalts_new = realloc(ksalts, (nksalts + 1) * sizeof(*ksalts));
-        if (ksalts_new == NULL) {
-            ret = ENOMEM;
-            goto cleanup;
+        if (dups || !krb5_keysalt_is_present(ksalts, nksalts, etype, stype)) {
+            ksalts_new = realloc(ksalts, (nksalts + 1) * sizeof(*ksalts));
+            if (ksalts_new == NULL) {
+                ret = ENOMEM;
+                goto cleanup;
+            }
+            ksalts = ksalts_new;
+            ksalts[nksalts].ks_enctype = etype;
+            ksalts[nksalts].ks_salttype = stype;
+            nksalts++;
         }
-        ksalts = ksalts_new;
-        ksalts[nksalts].ks_enctype = etype;
-        ksalts[nksalts].ks_salttype = stype;
-        nksalts++;
         ksp = strtok_r(NULL, tseps, &tlasts);
     }
     *ksaltp = ksalts;