* accept_sec_context.c (krb5_gss_accept_sec_context): Ignore

unrecognized options properly. [krb5-libs/738] git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13778 dc483132-0cff-0310-8789-dd5450dbe970
author: Tom Yu <tlyu@mit.edu> 2001-10-04 18:51:32 +0000
committer: Tom Yu <tlyu@mit.edu> 2001-10-04 18:51:32 +0000
commit: a0282fd7094f4f781b87a51b5386734893572373 (patch)
tree: 371d973eeee3314e252b5a4b31a6cecd724f8add
parent: e037d1e993ec4df947cd8c92a5f3643838bc2e6b (diff)
download: krb5-a0282fd7094f4f781b87a51b5386734893572373.zip
krb5-a0282fd7094f4f781b87a51b5386734893572373.tar.gz
krb5-a0282fd7094f4f781b87a51b5386734893572373.tar.bz2
2 files changed, 23 insertions, 10 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 4b163c8..1393b7c 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,8 @@
+2001-10-04  Tom Yu  <tlyu@mit.edu>
+
+	* accept_sec_context.c (krb5_gss_accept_sec_context): Ignore
+	unrecognized options properly. [krb5-libs/738]
+
 2001-10-03  Ken Raeburn  <raeburn@mit.edu>
 
 	* copy_ccache.c, get_tkt_flags.c, gssapi_krb5.h, krb5_gss_glue.c,
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index 131dffb..7af8f03 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -474,21 +474,31 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
 
 	   i = authdat->checksum->length - 24;
 
-	   while(i>0) {
+	   while (i >= 4) {
 
 	       TREAD_INT16(ptr, option_id, bigend);
 
-	       switch(option_id) {
+	       TREAD_INT16(ptr, option.length, bigend);
 
-	       case KRB5_GSS_FOR_CREDS_OPTION:
+	       i -= 4;
+
+	       /* have to use ptr2, since option.data is wrong type and
+		  macro uses ptr as both lvalue and rvalue */
+
+	       if (i < option.length || option.length < 0) {
+		   code = KG_BAD_LENGTH;
+		   major_status = GSS_S_FAILURE;
+		   goto fail;
+	       }
 
-		   TREAD_INT16(ptr, option.length, bigend);
+	       TREAD_STR(ptr, ptr2, bigend);
+	       option.data = (char FAR *) ptr2;
 
-		   /* have to use ptr2, since option.data is wrong type and
-		      macro uses ptr as both lvalue and rvalue */
+	       i -= option.length;
 
-		   TREAD_STR(ptr, ptr2, bigend);
-		   option.data = (char FAR *) ptr2;
+	       switch(option_id) {
+
+	       case KRB5_GSS_FOR_CREDS_OPTION:
 
 		   /* store the delegated credential */
 
@@ -500,8 +510,6 @@ krb5_gss_accept_sec_context(minor_status, context_handle,
 		       goto fail;
 		   }
 
-		   i -= option.length + 4;
-
 		   gss_flags |= GSS_C_DELEG_FLAG; /* got a delegation */
 
 		   break;
author	Tom Yu <tlyu@mit.edu>	2001-10-04 18:51:32 +0000
committer	Tom Yu <tlyu@mit.edu>	2001-10-04 18:51:32 +0000
commit	a0282fd7094f4f781b87a51b5386734893572373 (patch)
tree	371d973eeee3314e252b5a4b31a6cecd724f8add
parent	e037d1e993ec4df947cd8c92a5f3643838bc2e6b (diff)
download	krb5-a0282fd7094f4f781b87a51b5386734893572373.zip krb5-a0282fd7094f4f781b87a51b5386734893572373.tar.gz krb5-a0282fd7094f4f781b87a51b5386734893572373.tar.bz2