diff options
author | Jeffrey Hutzelman <jhutz@cmu.edu> | 2012-11-18 16:54:50 -0500 |
---|---|---|
committer | Jeffrey Hutzelman <jhutz@cmu.edu> | 2012-11-24 18:13:15 -0500 |
commit | f1fb967e94dea573dc0359bb6d3b4492c02bac47 (patch) | |
tree | 28c72487589085e58f85d99d73c009d6c6dae363 /lib | |
parent | c7544084565dcee8dd18b2a4d99c594253c656b7 (diff) |
Reject checksum if krb5_crypto_init fails
The result of Z_krb5_verify_cksum is supposed to be nonzero on success and
0 on failure. But if krb5_crypto_init() failed, we were returning the
resulting error code, effectively accepting any checksum, when instead we
should reject the checksum since we cannot verify it.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Zinternal.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/Zinternal.c b/lib/Zinternal.c index f63d069..8d1a7d5 100644 --- a/lib/Zinternal.c +++ b/lib/Zinternal.c @@ -1387,7 +1387,7 @@ Z_krb5_verify_cksum(krb5_keyblock *keyblock, result = krb5_crypto_init(Z_krb5_ctx, keyblock, keyblock->keytype, &cryptctx); if (result) - return result; + return 0; /* HOLDING: cryptctx */ result = krb5_verify_checksum(Z_krb5_ctx, cryptctx, cksumusage, |