diff options
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/gssapi/krb5/ChangeLog | 7 | ||||
-rw-r--r-- | src/lib/gssapi/krb5/wrap_size_limit.c | 9 |
2 files changed, 11 insertions, 5 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 06639d4040..81be5ee0eb 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,10 @@ +2000-04-08 Tom Yu <tlyu@mit.edu> + + * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix up + wrap_size_limit() to deal with integrity wrap tokens properly. + The rfc1964 mech always pads and confounds regardless of whether + confidentiality is requested. + 2000-01-27 Ken Raeburn <raeburn@raeburn.org> * init_sec_context.c (krb5_gss_init_sec_context): Default to diff --git a/src/lib/gssapi/krb5/wrap_size_limit.c b/src/lib/gssapi/krb5/wrap_size_limit.c index f7fee73cdf..d71a3f8647 100644 --- a/src/lib/gssapi/krb5/wrap_size_limit.c +++ b/src/lib/gssapi/krb5/wrap_size_limit.c @@ -157,10 +157,8 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag, /* Calculate the token size and subtract that from the output size */ overhead = 7 + ctx->mech_used->length; data_size = req_output_size; - if (conf_req_flag) { - conflen = kg_confounder_size(context, ctx->enc); - data_size = (conflen + data_size + 8) & (~7); - } + conflen = kg_confounder_size(context, ctx->enc); + data_size = (conflen + data_size + 8) & (~(OM_uint32)7); ohlen = g_token_size((gss_OID) ctx->mech_used, (unsigned int) (data_size + ctx->cksum_size + 14)) - req_output_size; @@ -170,7 +168,8 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag, * Cannot have trailer length that will cause us to pad over * our length */ - *max_input_size = (req_output_size - ohlen - overhead) & (~7); + *max_input_size = (req_output_size - ohlen - overhead) + & (~(OM_uint32)7); else *max_input_size = 0; } |