From aedb034228aaefd0fd7577635d66ef5e282d9496 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 15 Jul 2011 08:44:53 +0200
Subject: [PATCH] kdc: fix comparision between krb5uint32 and (unsigned int)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

We don't need a cast in that case.

Before commit 1124c4872dfb81bec9c4b527b8927ca35e39a599
(KVNOs are krb5uint32 in RFC4120, make it so),
we compared krb5int32 casted to size_t with unsigned int,
which resulted in the following problem:

Casting krb5int32 to (size_t) is wrong, as sizeof(int)==4 != sizeof(size_t)== 8.

If you cast negative int values to size_t you'll get this:

int ival = -5000; // 0xFFFFEC78
size_t sval = (size_t)ival; // this will be 0xFFFFFFFFFFFFEC78

So we better compare while casting to (unsigned int).

This is important for Active Directory RODC support,
which adds a random number into the higher 16-bits of the
32-bit kvno value.

metze

Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
---
 kdc/krb5tgs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kdc/krb5tgs.c b/kdc/krb5tgs.c
index c74676cc5..6aad65d40 100644
--- a/kdc/krb5tgs.c
+++ b/kdc/krb5tgs.c
@@ -1216,7 +1216,7 @@ tgs_parse_request(krb5_context context,
     }
 
     if(ap_req.ticket.enc_part.kvno &&
-       (size_t)*ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){
+       *ap_req.ticket.enc_part.kvno != (*krbtgt)->entry.kvno){
 	char *p;
 
 	ret = krb5_unparse_name (context, princ, &p);
-- 
2.11.4.GIT