diff options
Diffstat (limited to 'src/lib/gssapi/krb5/wrap_size_limit.c')
-rw-r--r-- | src/lib/gssapi/krb5/wrap_size_limit.c | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/src/lib/gssapi/krb5/wrap_size_limit.c b/src/lib/gssapi/krb5/wrap_size_limit.c index 8c47d0f..4b304af 100644 --- a/src/lib/gssapi/krb5/wrap_size_limit.c +++ b/src/lib/gssapi/krb5/wrap_size_limit.c @@ -39,8 +39,9 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag, { krb5_context context; krb5_gss_ctx_id_rec *ctx; - OM_uint32 cfsize; OM_uint32 ohlen; + OM_uint32 data_size, conflen; + int overhead; if (GSS_ERROR(kg_get_context(minor_status, &context))) return(GSS_S_FAILURE); @@ -64,12 +65,24 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag, } /* Calculate the token size and subtract that from the output size */ - cfsize = (conf_req_flag) ? kg_confounder_size(&ctx->enc) : 0; + overhead = 7 + ctx->mech_used->length; + data_size = req_output_size; + if (conf_req_flag) { + conflen = kg_confounder_size(&ctx->enc); + data_size = (conflen + data_size + 8) & (~7); + } ohlen = g_token_size((gss_OID) ctx->mech_used, - (unsigned int) cfsize + ctx->cksum_size + 14); + (unsigned int) (data_size + ctx->cksum_size + 14)) + - req_output_size; - /* Cannot have trailer length that will cause us to pad over our length */ - *max_input_size = (req_output_size - ohlen) & (~7); + if (ohlen+overhead < req_output_size) + /* + * Cannot have trailer length that will cause us to pad over + * our length + */ + *max_input_size = (req_output_size - ohlen - overhead) & (~7); + else + *max_input_size = 0; *minor_status = 0; return(GSS_S_COMPLETE); } |