Reject checksum if krb5_crypto_init fails

The result of Z_krb5_verify_cksum is supposed to be nonzero on success and 0 on failure. But if krb5_crypto_init() failed, we were returning the resulting error code, effectively accepting any checksum, when instead we should reject the checksum since we cannot verify it.
author: Jeffrey Hutzelman <jhutz@cmu.edu> 2012-11-18 16:54:50 -0500
committer: Jeffrey Hutzelman <jhutz@cmu.edu> 2012-11-24 18:13:15 -0500
commit: f1fb967e94dea573dc0359bb6d3b4492c02bac47 (patch)
tree: 28c72487589085e58f85d99d73c009d6c6dae363 /lib
parent: c7544084565dcee8dd18b2a4d99c594253c656b7 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/Zinternal.c b/lib/Zinternal.c
index f63d069..8d1a7d5 100644
--- a/lib/Zinternal.c
+++ b/lib/Zinternal.c
@@ -1387,7 +1387,7 @@ Z_krb5_verify_cksum(krb5_keyblock *keyblock,
 
     result = krb5_crypto_init(Z_krb5_ctx, keyblock, keyblock->keytype, &cryptctx);
     if (result)
-	return result;
+	return 0;
 
     /* HOLDING: cryptctx */
     result = krb5_verify_checksum(Z_krb5_ctx, cryptctx, cksumusage,
author	Jeffrey Hutzelman <jhutz@cmu.edu>	2012-11-18 16:54:50 -0500
committer	Jeffrey Hutzelman <jhutz@cmu.edu>	2012-11-24 18:13:15 -0500
commit	f1fb967e94dea573dc0359bb6d3b4492c02bac47 (patch)
tree	28c72487589085e58f85d99d73c009d6c6dae363 /lib
parent	c7544084565dcee8dd18b2a4d99c594253c656b7 (diff)