From: Ben Kaduk Date: Thu, 20 Nov 2014 20:44:04 +0000 (-0500) Subject: Avoid infinite loop on duplicate keysalts X-Git-Tag: krb5-1.13.1-final~19 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d1a1b7c83ac568cbfec230bbdb3a9506ea27d1ca;p=thirdparty%2Fkrb5.git Avoid infinite loop on duplicate keysalts When duplicate suppression was requested, we would enter an infinite loop upon encountering a duplicate entry, a bug introduced in commit 0918990bf1d8560d74473fc0e41d08d433da1a15 and thus present in release 1.13. Rework the conditional to avoid the loop, at the expense of additional indentation for some of the code. (cherry picked from commit c828e7cb137de3559f026dcc552a52162d9ca5cd) ticket: 8038 version_fixed: 1.13.1 status: resolved --- diff --git a/src/lib/kadm5/str_conv.c b/src/lib/kadm5/str_conv.c index 216b580bd8..c28a1e9324 100644 --- a/src/lib/kadm5/str_conv.c +++ b/src/lib/kadm5/str_conv.c @@ -300,18 +300,17 @@ krb5_string_to_keysalts(const char *string, const char *tupleseps, goto cleanup; /* Ignore duplicate keysalts if caller asks. */ - if (!dups && krb5_keysalt_is_present(ksalts, nksalts, etype, stype)) - continue; - - ksalts_new = realloc(ksalts, (nksalts + 1) * sizeof(*ksalts)); - if (ksalts_new == NULL) { - ret = ENOMEM; - goto cleanup; + if (dups || !krb5_keysalt_is_present(ksalts, nksalts, etype, stype)) { + ksalts_new = realloc(ksalts, (nksalts + 1) * sizeof(*ksalts)); + if (ksalts_new == NULL) { + ret = ENOMEM; + goto cleanup; + } + ksalts = ksalts_new; + ksalts[nksalts].ks_enctype = etype; + ksalts[nksalts].ks_salttype = stype; + nksalts++; } - ksalts = ksalts_new; - ksalts[nksalts].ks_enctype = etype; - ksalts[nksalts].ks_salttype = stype; - nksalts++; ksp = strtok_r(NULL, tseps, &tlasts); } *ksaltp = ksalts;