summaryrefslogtreecommitdiffstats
path: root/src/lib
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/gssapi/krb5/ChangeLog7
-rw-r--r--src/lib/gssapi/krb5/wrap_size_limit.c9
2 files changed, 11 insertions, 5 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 06639d4040..81be5ee0eb 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,10 @@
+2000-04-08 Tom Yu <tlyu@mit.edu>
+
+ * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix up
+ wrap_size_limit() to deal with integrity wrap tokens properly.
+ The rfc1964 mech always pads and confounds regardless of whether
+ confidentiality is requested.
+
2000-01-27 Ken Raeburn <raeburn@raeburn.org>
* init_sec_context.c (krb5_gss_init_sec_context): Default to
diff --git a/src/lib/gssapi/krb5/wrap_size_limit.c b/src/lib/gssapi/krb5/wrap_size_limit.c
index f7fee73cdf..d71a3f8647 100644
--- a/src/lib/gssapi/krb5/wrap_size_limit.c
+++ b/src/lib/gssapi/krb5/wrap_size_limit.c
@@ -157,10 +157,8 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
/* Calculate the token size and subtract that from the output size */
overhead = 7 + ctx->mech_used->length;
data_size = req_output_size;
- if (conf_req_flag) {
- conflen = kg_confounder_size(context, ctx->enc);
- data_size = (conflen + data_size + 8) & (~7);
- }
+ conflen = kg_confounder_size(context, ctx->enc);
+ data_size = (conflen + data_size + 8) & (~(OM_uint32)7);
ohlen = g_token_size((gss_OID) ctx->mech_used,
(unsigned int) (data_size + ctx->cksum_size + 14))
- req_output_size;
@@ -170,7 +168,8 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
* Cannot have trailer length that will cause us to pad over
* our length
*/
- *max_input_size = (req_output_size - ohlen - overhead) & (~7);
+ *max_input_size = (req_output_size - ohlen - overhead)
+ & (~(OM_uint32)7);
else
*max_input_size = 0;
}