From f1fb967e94dea573dc0359bb6d3b4492c02bac47 Mon Sep 17 00:00:00 2001 From: Jeffrey Hutzelman Date: Sun, 18 Nov 2012 16:54:50 -0500 Subject: Reject checksum if krb5_crypto_init fails The result of Z_krb5_verify_cksum is supposed to be nonzero on success and 0 on failure. But if krb5_crypto_init() failed, we were returning the resulting error code, effectively accepting any checksum, when instead we should reject the checksum since we cannot verify it. --- lib/Zinternal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/Zinternal.c b/lib/Zinternal.c index f63d069..8d1a7d5 100644 --- a/lib/Zinternal.c +++ b/lib/Zinternal.c @@ -1387,7 +1387,7 @@ Z_krb5_verify_cksum(krb5_keyblock *keyblock, result = krb5_crypto_init(Z_krb5_ctx, keyblock, keyblock->keytype, &cryptctx); if (result) - return result; + return 0; /* HOLDING: cryptctx */ result = krb5_verify_checksum(Z_krb5_ctx, cryptctx, cksumusage, -- cgit v1.2.3