diff options
author | Tom Yu <tlyu@mit.edu> | 2001-10-04 18:51:32 +0000 |
---|---|---|
committer | Tom Yu <tlyu@mit.edu> | 2001-10-04 18:51:32 +0000 |
commit | a0282fd7094f4f781b87a51b5386734893572373 (patch) | |
tree | 371d973eeee3314e252b5a4b31a6cecd724f8add | |
parent | e037d1e993ec4df947cd8c92a5f3643838bc2e6b (diff) | |
download | krb5-a0282fd7094f4f781b87a51b5386734893572373.zip krb5-a0282fd7094f4f781b87a51b5386734893572373.tar.gz krb5-a0282fd7094f4f781b87a51b5386734893572373.tar.bz2 |
* accept_sec_context.c (krb5_gss_accept_sec_context): Ignore
unrecognized options properly. [krb5-libs/738]
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13778 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/lib/gssapi/krb5/ChangeLog | 5 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/accept_sec_context.c | 28 |
2 files changed, 23 insertions, 10 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 4b163c8..1393b7c 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,8 @@ +2001-10-04 Tom Yu <tlyu@mit.edu> + + * accept_sec_context.c (krb5_gss_accept_sec_context): Ignore + unrecognized options properly. [krb5-libs/738] + 2001-10-03 Ken Raeburn <raeburn@mit.edu> * copy_ccache.c, get_tkt_flags.c, gssapi_krb5.h, krb5_gss_glue.c, diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index 131dffb..7af8f03 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -474,21 +474,31 @@ krb5_gss_accept_sec_context(minor_status, context_handle, i = authdat->checksum->length - 24; - while(i>0) { + while (i >= 4) { TREAD_INT16(ptr, option_id, bigend); - switch(option_id) { + TREAD_INT16(ptr, option.length, bigend); - case KRB5_GSS_FOR_CREDS_OPTION: + i -= 4; + + /* have to use ptr2, since option.data is wrong type and + macro uses ptr as both lvalue and rvalue */ + + if (i < option.length || option.length < 0) { + code = KG_BAD_LENGTH; + major_status = GSS_S_FAILURE; + goto fail; + } - TREAD_INT16(ptr, option.length, bigend); + TREAD_STR(ptr, ptr2, bigend); + option.data = (char FAR *) ptr2; - /* have to use ptr2, since option.data is wrong type and - macro uses ptr as both lvalue and rvalue */ + i -= option.length; - TREAD_STR(ptr, ptr2, bigend); - option.data = (char FAR *) ptr2; + switch(option_id) { + + case KRB5_GSS_FOR_CREDS_OPTION: /* store the delegated credential */ @@ -500,8 +510,6 @@ krb5_gss_accept_sec_context(minor_status, context_handle, goto fail; } - i -= option.length + 4; - gss_flags |= GSS_C_DELEG_FLAG; /* got a delegation */ break; |