From: Robbie Harwood Date: Wed, 15 Jul 2020 19:42:20 +0000 (-0400) Subject: Ignore bad enctypes in krb5_string_to_keysalts() X-Git-Tag: krb5-1.19-beta1~53 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1094%2Fhead;p=thirdparty%2Fkrb5.git Ignore bad enctypes in krb5_string_to_keysalts() Fixes a problem where the presence of legacy/unrecognized keysalts in supported_enctypes would prevent the kadmin programs from starting. [ghudson@mit.edu: ideally we would put a warning in the kadmind log, but that is difficult to do when the parsing is done inside a library. Even adding a trace log is difficult because the kadm5 str_conv functions do not accept contexts.] ticket: 8929 (new) --- diff --git a/src/lib/kadm5/str_conv.c b/src/lib/kadm5/str_conv.c index 7cf51d3168..7982956062 100644 --- a/src/lib/kadm5/str_conv.c +++ b/src/lib/kadm5/str_conv.c @@ -340,9 +340,10 @@ krb5_string_to_keysalts(const char *string, const char *tupleseps, while ((ksp = strtok_r(p, tseps, &tlasts)) != NULL) { /* Pass a null pointer to subsequent calls to strtok_r(). */ p = NULL; - ret = string_to_keysalt(ksp, ksaltseps, &etype, &stype); - if (ret) - goto cleanup; + + /* Discard unrecognized keysalts. */ + if (string_to_keysalt(ksp, ksaltseps, &etype, &stype) != 0) + continue; /* Ignore duplicate keysalts if caller asks. */ if (!dups && krb5_keysalt_is_present(ksalts, nksalts, etype, stype))
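Review bot: The new `if (string_to_keysalt(ksp, ksaltseps, &etype, &stype) != 0) continue;` inside the strtok_r() loop treats every nonzero return as an unrecognized keysalt and drops the return code, so any other failure of string_to_keysalt() (the hunk does not show which codes it can return) is skipped silently too. Consider keeping the result in `ret`, continuing only on the code that means an unknown enctype or salt type, and still jumping to cleanup on anything else. A string in which every tuple is unrecognized or mistyped now reaches the end of the loop with nothing added to ksalts; the function's documentation should say what the caller gets back in that case, and callers that parse supported_enctypes should consider treating an empty result as a configuration error, since a typo in one enctype name now leaves only the remaining entries in effect with no log message (a limitation the commit message itself notes). A test with a mixed list of valid and invalid keysalts, plus an all-invalid list, would pin down the intended behaviour.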