If the enctype we read from the beginning of a stash file looks reversed,
reverse it and the length, too. Far from perfect (makes assumptions about
sizeof(int) and the layout of its contents), but works on the arches we
care about, and this all gets replaced with keytabs in 1.7, so there's
little use for it generally.
diff -up krb5-1.6.1/src/lib/kdb/kdb_default.c krb5-1.6.1/src/lib/kdb/kdb_default.c
--- krb5-1.6.1/src/lib/kdb/kdb_default.c 2006-10-11 22:39:14.000000000 -0400
+++ krb5-1.6.1/src/lib/kdb/kdb_default.c 2009-07-31 15:39:46.000000000 -0400
@@ -203,7 +203,7 @@ krb5_db_def_fetch_mkey( krb5_context c
char *db_args)
{
krb5_error_code retval;
- krb5_ui_2 enctype;
+ krb5_ui_2 enctype, enctype_swapped;
char defkeyfile[MAXPATHLEN+1];
krb5_data *realm = krb5_princ_realm(context, mname);
FILE *kf = NULL;
@@ -228,6 +228,11 @@ krb5_db_def_fetch_mkey( krb5_context c
goto errout;
}
+ /* check if it looks backwards */
+ enctype_swapped = (enctype >> 8) | (enctype << 8);
+ if (!krb5_c_valid_enctype(enctype) && krb5_c_valid_enctype(enctype_swapped))
+ enctype = enctype_swapped;
+
if (key->enctype == ENCTYPE_UNKNOWN)
key->enctype = enctype;
else if (enctype != key->enctype) {
@@ -241,6 +246,14 @@ krb5_db_def_fetch_mkey( krb5_context c
goto errout;
}
+ /* if we swapped bytes on the enctype, do so for the length */
+ if (enctype_swapped == enctype) {
+ key->length = ((key->length & 0x000000ff) << 24) |
+ ((key->length & 0x0000ff00) << 8) |
+ ((key->length & 0x00ff0000) >> 8) |
+ ((key->length & 0xff000000) >> 24);
+ }
+
if (!key->length || ((int) key->length) < 0) {
retval = KRB5_KDB_BADSTORED_MKEY;
goto errout;
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
e16d0c94ff2c9e93ba4eea60f7b68478
>
files
>
93
