Package: krb5 / 1.15-1+deb9u1

upstream/0013-Fix-udp_preference_limit-with-SRV-records.patch Patch series | download
From 79f8689317c4bdb8b31306677ffa38664344ed6b Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 27 Feb 2017 22:35:07 -0500
Subject: Fix udp_preference_limit with SRV records

In sendto_kdc:resolve_server() when resolving a server entry with a
specified transport, defer the resulting addresses if the strategy
dictates that the specified transport is not preferred.  Reported by
Jochen Hein.

(cherry picked from commit bc7594058011c2f9711f24af4fa15a421a8d5b62)

ticket: 8554
version_fixed: 1.15.1

(cherry picked from commit 59a3449f13c63048b44f56cad2d528c0805d3627)

Patch-Category: upstream
---
 src/lib/krb5/os/sendto_kdc.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c
index ef80991c1d..fffe0262f6 100644
--- a/src/lib/krb5/os/sendto_kdc.c
+++ b/src/lib/krb5/os/sendto_kdc.c
@@ -791,7 +791,7 @@ resolve_server(krb5_context context, const krb5_data *realm,
     struct server_entry *entry = &servers->servers[ind];
     k5_transport transport;
     struct addrinfo *addrs, *a, hint, ai;
-    krb5_boolean defer;
+    krb5_boolean defer = FALSE;
     int err, result;
     char portbuf[PORT_LENGTH];
 
@@ -811,9 +811,13 @@ resolve_server(krb5_context context, const krb5_data *realm,
                               NULL, NULL, entry->uri_path, udpbufp);
     }
 
-    /* If the entry has a specified transport, use it. */
-    if (entry->transport != TCP_OR_UDP)
+    /* If the entry has a specified transport, use it, but possibly defer the
+     * addresses we add based on the strategy. */
+    if (entry->transport != TCP_OR_UDP) {
         transport = entry->transport;
+        defer = (entry->transport == TCP && strategy == UDP_FIRST) ||
+            (entry->transport == UDP && strategy == UDP_LAST);
+    }
 
     memset(&hint, 0, sizeof(hint));
     hint.ai_family = entry->family;
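Review bot: The strategy-based `defer` value is computed only after the earlier branch that closes at the top of this hunk (the call ending in `NULL, NULL, entry->uri_path, udpbufp);`), so entries handled by that branch never receive it. The start of that call is outside the hunk, so its defer argument cannot be seen here. If it is still a literal `FALSE`, a fixed-transport entry on that path would be queued ahead of the preferred transport, which looks like the same ordering problem this commit fixes for resolved hostnames. Please confirm, and if so compute the flag before that call with the same expression, `defer = (entry->transport == TCP && strategy == UDP_FIRST) || (entry->transport == UDP && strategy == UDP_LAST);`. resolve_server's body starts and ends outside this hunk.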
@@ -833,7 +837,7 @@ resolve_server(krb5_context context, const krb5_data *realm,
     /* Add each address with the specified or preferred transport. */
     retval = 0;
     for (a = addrs; a != 0 && retval == 0; a = a->ai_next) {
-        retval = add_connection(conns, transport, FALSE, a, ind, realm,
+        retval = add_connection(conns, transport, defer, a, ind, realm,
                                 entry->hostname, portbuf, entry->uri_path,
                                 udpbufp);
     }