diff options
author | Ken Raeburn <raeburn@mit.edu> | 2002-03-07 01:09:33 +0000 |
---|---|---|
committer | Ken Raeburn <raeburn@mit.edu> | 2002-03-07 01:09:33 +0000 |
commit | 8b29c7414a24936287f8485ed094270254abbbfa (patch) | |
tree | ca75186cbb092439763819c2ff307c0fd3399477 /src/lib/krb5/krb/fwd_tgt.c | |
parent | b0a741a12d8813ed853301861bdc7237bd8fc51f (diff) | |
download | krb5-8b29c7414a24936287f8485ed094270254abbbfa.tar.gz krb5-8b29c7414a24936287f8485ed094270254abbbfa.tar.xz krb5-8b29c7414a24936287f8485ed094270254abbbfa.zip |
* ser_actx.c (krb5_auth_context_externalize): Do bounds checking on converted size value
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14238 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5/krb/fwd_tgt.c')
-rw-r--r-- | src/lib/krb5/krb/fwd_tgt.c | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/src/lib/krb5/krb/fwd_tgt.c b/src/lib/krb5/krb/fwd_tgt.c index 9c8a1046b3..06a1bcd4da 100644 --- a/src/lib/krb5/krb/fwd_tgt.c +++ b/src/lib/krb5/krb/fwd_tgt.c @@ -79,9 +79,30 @@ krb5_fwd_tgt_creds(context, auth_context, rhost, client, server, cc, if (retval) goto errout; if (session_key) { - enctype = session_key->enctype; - krb5_free_keyblock (context, session_key); - session_key = NULL; + enctype = session_key->enctype; + krb5_free_keyblock (context, session_key); + session_key = NULL; + } else if (server) { /* must server be non-NULL when rhost is given? */ + /* Try getting credentials to see what the remote side supports. + Not bulletproof, just a heuristic. */ + krb5_creds in, *out = 0; + memset (&in, 0, sizeof(in)); + + retval = krb5_copy_principal (context, server, &in.server); + if (retval) + goto punt; + retval = krb5_copy_principal (context, client, &in.client); + if (retval) + goto punt; + retval = krb5_get_credentials (context, 0, cc, &in, &out); + if (retval) + goto punt; + /* Got the credentials. Okay, now record the enctype and + throw them away. */ + enctype = out->keyblock.enctype; + krb5_free_creds (context, out); + punt: + krb5_free_cred_contents (context, &in); } retval = krb5_os_hostaddr(context, rhost, &addrs); |