CVE-2022-37966 HEIMDAL: Look up the server keys to combine with clients etype list...

[lorikeet-heimdal.git] / kdc / kerberos5.c

diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c
index 51b26709f025cfd512f0c6ee2c71c0d464f05f72..070364b8790fc2795d5a234e39226a7fd0cc2d8b 100644 (file)
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -2444,7 +2444,7 @@ _kdc_as_rep(astgs_request_t r)
      * intersection of the client's requested enctypes and the server's (like a
      * root krbtgt, but not necessarily) etypes from its HDB entry.
      */
-    ret = _kdc_find_etype(r, (is_tgs ?  KFE_IS_TGS:0) | KFE_USE_CLIENT,
+    ret = _kdc_find_etype(r, (is_tgs ?  KFE_IS_TGS:0),
                          b->etype.val, b->etype.len,
                          &r->sessionetype, NULL, NULL);
     if (ret) {