summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib/krb5
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-12-15 12:29:01 +1100
committerAndrew Bartlett <abartlet@samba.org>2012-01-12 09:43:07 +0100
commitbd164acb8237b4913f01c4c690b65a65e69ac551 (patch)
treeee9d8b9e51ee8f5ea3ce0539a3e8c087db04b92e /source4/heimdal/lib/krb5
parent3628f34aa3b6036a267a0bc586a3f9433b58b9b9 (diff)
downloadsamba-bd164acb8237b4913f01c4c690b65a65e69ac551.tar.gz
samba-bd164acb8237b4913f01c4c690b65a65e69ac551.tar.bz2
samba-bd164acb8237b4913f01c4c690b65a65e69ac551.zip
Revert "make paranoia check less paranoid" - check that key types strictly match
This reverts commit c25af51232616061bb08eea86aae595b4f029490 because otherwise we could attempt to check a CKSUMTYPE_HMAC_SHA1_96_AES_256 key with a KRB5_ENCTYPE_ARCFOUR_HMAC_MD5 key. Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu Jan 12 09:43:07 CET 2012 on sn-devel-104
Diffstat (limited to 'source4/heimdal/lib/krb5')
-rw-r--r--source4/heimdal/lib/krb5/crypto.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/source4/heimdal/lib/krb5/crypto.c b/source4/heimdal/lib/krb5/crypto.c
index 732311bec9..75d0a099d4 100644
--- a/source4/heimdal/lib/krb5/crypto.c
+++ b/source4/heimdal/lib/krb5/crypto.c
@@ -454,7 +454,7 @@ verify_checksum(krb5_context context,
return KRB5_PROG_SUMTYPE_NOSUPP; /* XXX */
}
kct = crypto->et->keyed_checksum;
- if (kct != NULL && kct->type != ct->type) {
+ if (kct == NULL || kct->type != ct->type) {
krb5_set_error_message(context, KRB5_PROG_SUMTYPE_NOSUPP,
N_("Checksum type %s is keyed, but "
"the key type %s passed didnt have that checksum "