From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 29 Apr 2013 18:55:31 +0000 (-0400)
Subject: Don't send empty etype info from KDC
X-Git-Tag: krb5-1.12-alpha1~188
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ef700ee2cc1b33a06cd1e5c6c56ca7cfac8e67c5;p=thirdparty%2Fkrb5.git

Don't send empty etype info from KDC

RFC 4120 prohibits empty ETYPE-INFO2 sequences (though not ETYPE-INFO
sequences), and our client errors out if it sees an empty sequence of
either.

ticket: 7630
---

diff --git a/src/kdc/kdc_preauth.c b/src/kdc/kdc_preauth.c
index b7f9e15144..9c04f709ca 100644
--- a/src/kdc/kdc_preauth.c
+++ b/src/kdc/kdc_preauth.c
@@ -1420,6 +1420,11 @@ etype_info_helper(krb5_context context, krb5_kdc_req *request,
             seen_des++;
         }
     }
+
+    /* If the list is empty, don't send it at all. */
+    if (i == 0)
+        goto cleanup;
+
     if (etype_info2)
         retval = encode_krb5_etype_info2(entry, &scratch);
     else