From 08fafff29a11e61036021196aaae8c303d1a5662 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 7 Dec 2015 12:16:41 -0500
Subject: [PATCH] Fix k5crypto NSS iov processing bug

In k5_nss_gen_stream_iov(), don't stop processing the iov array if we
run across a zero-length iov.

ticket: 8300 (new)
target_version: 1.14-next
tags: pullup
---
 src/lib/crypto/nss/enc_provider/enc_gen.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/crypto/nss/enc_provider/enc_gen.c b/src/lib/crypto/nss/enc_provider/enc_gen.c
index 7022a78eed..cfe0d65e8e 100644
--- a/src/lib/crypto/nss/enc_provider/enc_gen.c
+++ b/src/lib/crypto/nss/enc_provider/enc_gen.c
@@ -307,7 +307,7 @@ k5_nss_gen_stream_iov(krb5_key krb_key, krb5_data *state,
         int return_length;
         iov = &data[i];
         if (iov->data.length <= 0)
-            break;
+            continue;
 
         if (ENCRYPT_IOV(iov)) {
             rv = PK11_CipherOp(ctx, (unsigned char *)iov->data.data,
-- 
2.47.2