1 files changed, 19 insertions, 3 deletions

diff --git a/lib/krb5/keytab_keyfile.c b/lib/krb5/keytab_keyfile.c
index ea74c32..1200832 100644
--- a/lib/krb5/keytab_keyfile.c
+++ b/lib/krb5/keytab_keyfile.c
@@ -212,9 +212,17 @@ akf_start_seq_get(krb5_context context,
 	return ret;
     }
 
+    c->data = NULL;
     c->sp = krb5_storage_from_fd(c->fd);
+    if (c->sp == NULL) {
+	close(c->fd);
+	krb5_clear_error_message (context);
+	return KRB5_KT_NOTFOUND;
+    }
+    krb5_storage_set_eof_code(c->sp, KRB5_KT_END);
+
     ret = krb5_ret_uint32(c->sp, &d->num_entries);
-    if(ret) {
+    if(ret || d->num_entries > INT_MAX / 8) {
 	krb5_storage_free(c->sp);
 	close(c->fd);
 	krb5_clear_error_message (context);
@@ -255,7 +263,10 @@ akf_next_entry(krb5_context context,
 
     entry->vno = kvno;
 
-    entry->keyblock.keytype         = ETYPE_DES_CBC_MD5;
+    if (cursor->data)
+	entry->keyblock.keytype         = ETYPE_DES_CBC_MD5;
+    else
+	entry->keyblock.keytype         = ETYPE_DES_CBC_CRC;
     entry->keyblock.keyvalue.length = 8;
     entry->keyblock.keyvalue.data   = malloc (8);
     if (entry->keyblock.keyvalue.data == NULL) {
@@ -277,7 +288,11 @@ akf_next_entry(krb5_context context,
     entry->aliases = NULL;
 
  out:
-    krb5_storage_seek(cursor->sp, pos + 4 + 8, SEEK_SET);
+    if (cursor->data) {
+	krb5_storage_seek(cursor->sp, pos + 4 + 8, SEEK_SET);
+	cursor->data = NULL;
+    } else
+	cursor->data = cursor;
     return ret;
 }
 
@@ -288,6 +303,7 @@ akf_end_seq_get(krb5_context context,
 {
     krb5_storage_free(cursor->sp);
     close(cursor->fd);
+    cursor->data = NULL;
     return 0;
 }