diff options
author | Greg Hudson <ghudson@mit.edu> | 2013-09-08 14:10:37 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-09-08 14:18:26 -0400 |
commit | daf42938a262c3a88164b07972f2a2e6e8552620 (patch) | |
tree | 7f4c84493259d45780ce5d6c7297bcbc59003fc7 /src/lib | |
parent | da10b66df1f1411ad54cba177454a7634619bb08 (diff) | |
download | krb5-daf42938a262c3a88164b07972f2a2e6e8552620.tar.gz krb5-daf42938a262c3a88164b07972f2a2e6e8552620.tar.xz krb5-daf42938a262c3a88164b07972f2a2e6e8552620.zip |
Get rid of G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE
This flag was introduced in the mskrb-integ merge but is not actually
used after r21742--while kg_unseal_iov_token sets it in vfyflags for
DCE-style contexts, it doesn't actually pass vfyflags to
g_verify_token_header or otherwise use it. Moreover, the flag is not
necessary there; we correctly set input_length to the header length
(without data, padding, or trailer) for v1 tokens in a DCE-style
context.
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/gssapi/generic/gssapiP_generic.h | 1 | ||||
-rw-r--r-- | src/lib/gssapi/generic/util_token.c | 3 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/k5unsealiov.c | 4 |
3 files changed, 1 insertions, 7 deletions
diff --git a/src/lib/gssapi/generic/gssapiP_generic.h b/src/lib/gssapi/generic/gssapiP_generic.h index ebc9096b6a..706805d574 100644 --- a/src/lib/gssapi/generic/gssapiP_generic.h +++ b/src/lib/gssapi/generic/gssapiP_generic.h @@ -157,7 +157,6 @@ void g_make_token_header (const gss_OID_desc * mech, unsigned int body_size, /* flags for g_verify_token_header() */ #define G_VFY_TOKEN_HDR_WRAPPER_REQUIRED 0x01 -#define G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE 0x02 gss_int32 g_verify_token_header (const gss_OID_desc * mech, unsigned int *body_size, diff --git a/src/lib/gssapi/generic/util_token.c b/src/lib/gssapi/generic/util_token.c index 0c4c90c16e..6e339f4ac7 100644 --- a/src/lib/gssapi/generic/util_token.c +++ b/src/lib/gssapi/generic/util_token.c @@ -194,8 +194,7 @@ g_verify_token_header( if ((seqsize = der_read_length(&buf, &toksize)) < 0) return(G_BAD_TOK_HEADER); - if ((flags & G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE) == 0 && - seqsize != toksize) + if (seqsize != toksize) return(G_BAD_TOK_HEADER); if ((toksize-=1) < 0) diff --git a/src/lib/gssapi/krb5/k5unsealiov.c b/src/lib/gssapi/krb5/k5unsealiov.c index 87fe34f9d4..f80f4d05d6 100644 --- a/src/lib/gssapi/krb5/k5unsealiov.c +++ b/src/lib/gssapi/krb5/k5unsealiov.c @@ -315,7 +315,6 @@ kg_unseal_iov_token(OM_uint32 *minor_status, size_t input_length; unsigned int bodysize; int toktype2; - int vfyflags = 0; header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER); if (header == NULL) { @@ -343,9 +342,6 @@ kg_unseal_iov_token(OM_uint32 *minor_status, input_length += trailer->buffer.length; } - if (ctx->gss_flags & GSS_C_DCE_STYLE) - vfyflags |= G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE; - code = g_verify_token_header(ctx->mech_used, &bodysize, &ptr, -1, input_length, 0); |