diff options
Diffstat (limited to 'src/lib/krb5/krb/rd_safe.c')
-rw-r--r-- | src/lib/krb5/krb/rd_safe.c | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c index 0f6cec2..15dc6dc 100644 --- a/src/lib/krb5/krb/rd_safe.c +++ b/src/lib/krb5/krb/rd_safe.c @@ -51,6 +51,7 @@ krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf, const krb5_keyb { krb5_error_code retval; krb5_safe * message; + krb5_data safe_body; krb5_checksum our_cksum, *his_cksum; krb5_octet zero_octet = 0; krb5_data *scratch; @@ -59,7 +60,7 @@ krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf, const krb5_keyb if (!krb5_is_krb_safe(inbuf)) return KRB5KRB_AP_ERR_MSG_TYPE; - if ((retval = decode_krb5_safe(inbuf, &message))) + if ((retval = decode_krb5_safe_with_body(inbuf, &message, &safe_body))) return retval; if (!krb5_c_valid_cksumtype(message->checksum->checksum_type)) { @@ -113,7 +114,7 @@ krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf, const krb5_keyb message->checksum = &our_cksum; - if ((retval = encode_krb5_safe(message, &scratch))) + if ((retval = encode_krb5_safe_with_body(message, &safe_body, &scratch))) goto cleanup; message->checksum = his_cksum; @@ -126,8 +127,17 @@ krb5_rd_safe_basic(krb5_context context, const krb5_data *inbuf, const krb5_keyb krb5_free_data(context, scratch); if (!valid) { - retval = KRB5KRB_AP_ERR_MODIFIED; - goto cleanup; + /* + * Checksum over only the KRB-SAFE-BODY, like RFC 1510 says, in + * case someone actually implements it correctly. + */ + retval = krb5_c_verify_checksum(context, keyblock, + KRB5_KEYUSAGE_KRB_SAFE_CKSUM, + &safe_body, his_cksum, &valid); + if (!valid) { + retval = KRB5KRB_AP_ERR_MODIFIED; + goto cleanup; + } } replaydata->timestamp = message->timestamp; @@ -161,9 +171,8 @@ krb5_rd_safe(krb5_context context, krb5_auth_context auth_context, const krb5_da return KRB5_RC_REQUIRED; /* Get keyblock */ - if ((keyblock = auth_context->remote_subkey) == NULL) - if ((keyblock = auth_context->local_subkey) == NULL) - keyblock = auth_context->keyblock; + if ((keyblock = auth_context->recv_subkey) == NULL) + keyblock = auth_context->keyblock; { krb5_address * premote_fulladdr = NULL; @@ -240,7 +249,8 @@ krb5_rd_safe(krb5_context context, krb5_auth_context auth_context, const krb5_da } if (auth_context->auth_context_flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { - if (auth_context->remote_seq_number != replaydata.seq) { + if (!krb5int_auth_con_chkseqnum(context, auth_context, + replaydata.seq)) { retval = KRB5KRB_AP_ERR_BADORDER; goto error; } |