jdk Cdiff src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java

src/share/classes/sun/security/krb5/internal/ccache/CCacheInputStream.java

rev 10175 : 8048073: Cannot read ccache entry with a realm-less service name


*** 332,350 ****
       * entry is used by KDC to inform the client that it support certain
       * features. Its ticket is not a valid krb5 ticket and thus this method
       * returns null.
       */
      Credentials readCred(int version) throws IOException,RealmException, KrbApErrException, Asn1Exception {
!         PrincipalName cpname = readPrincipal(version);
!         if (DEBUG)
              System.out.println(">>>DEBUG <CCacheInputStream>  client principal is " + cpname);
!         PrincipalName spname = readPrincipal(version);
!         if (DEBUG)
              System.out.println(">>>DEBUG <CCacheInputStream> server principal is " + spname);
          EncryptionKey key = readKey(version);
!         if (DEBUG)
              System.out.println(">>>DEBUG <CCacheInputStream> key type: " + key.getEType());
          long times[] = readTimes();
          KerberosTime authtime = new KerberosTime(times[0]);
          KerberosTime starttime =
                  (times[1]==0) ? null : new KerberosTime(times[1]);
          KerberosTime endtime = new KerberosTime(times[2]);
--- 332,363 ----
       * entry is used by KDC to inform the client that it support certain
       * features. Its ticket is not a valid krb5 ticket and thus this method
       * returns null.
       */
      Credentials readCred(int version) throws IOException,RealmException, KrbApErrException, Asn1Exception {
!         PrincipalName cpname = null;
!         try {
!             cpname = readPrincipal(version);
!         } catch (Exception e) {
!             // cpname is null
!         }
!         if (DEBUG) {
              System.out.println(">>>DEBUG <CCacheInputStream>  client principal is " + cpname);
!         }
!         PrincipalName spname = null;
!         try {
!             spname = readPrincipal(version);
!         } catch (Exception e) {
!             // spname is null
!         }
!         if (DEBUG) {
              System.out.println(">>>DEBUG <CCacheInputStream> server principal is " + spname);
+         }
          EncryptionKey key = readKey(version);
!         if (DEBUG) {
              System.out.println(">>>DEBUG <CCacheInputStream> key type: " + key.getEType());
+         }
          long times[] = readTimes();
          KerberosTime authtime = new KerberosTime(times[0]);
          KerberosTime starttime =
                  (times[1]==0) ? null : new KerberosTime(times[1]);
          KerberosTime endtime = new KerberosTime(times[2]);
*** 373,382 ****
--- 386,399 ----
              auData = new AuthorizationData(auDataEntry);
          }
          byte[] ticketData = readData();
          byte[] ticketData2 = readData();
  
+         if (cpname == null || spname == null) {
+             return null;
+         }
+ 
          try {
              return new Credentials(cpname, spname, key, authtime, starttime,
                  endtime, renewTill, skey, tFlags,
                  addrs, auData,
                  ticketData != null ? new Ticket(ticketData) : null,