2 files changed, 11 insertions, 5 deletions

diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index 06639d4040..81be5ee0eb 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,10 @@
+2000-04-08  Tom Yu  <tlyu@mit.edu>
+
+	* wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix up
+	wrap_size_limit() to deal with integrity wrap tokens properly.
+	The rfc1964 mech always pads and confounds regardless of whether
+	confidentiality is requested.
+
 2000-01-27  Ken Raeburn  <raeburn@raeburn.org>
 
 	* init_sec_context.c (krb5_gss_init_sec_context): Default to
diff --git a/src/lib/gssapi/krb5/wrap_size_limit.c b/src/lib/gssapi/krb5/wrap_size_limit.c
index f7fee73cdf..d71a3f8647 100644
--- a/src/lib/gssapi/krb5/wrap_size_limit.c
+++ b/src/lib/gssapi/krb5/wrap_size_limit.c
@@ -157,10 +157,8 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
 	/* Calculate the token size and subtract that from the output size */
 	overhead = 7 + ctx->mech_used->length;
 	data_size = req_output_size;
-	if (conf_req_flag) {
-		conflen = kg_confounder_size(context, ctx->enc);
-		data_size = (conflen + data_size + 8) & (~7);
-	}
+	conflen = kg_confounder_size(context, ctx->enc);
+	data_size = (conflen + data_size + 8) & (~(OM_uint32)7);
 	ohlen = g_token_size((gss_OID) ctx->mech_used,
 			     (unsigned int) (data_size + ctx->cksum_size + 14))
 		- req_output_size;
@@ -170,7 +168,8 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
 	     * Cannot have trailer length that will cause us to pad over
 	     * our length
 	     */
-	    *max_input_size = (req_output_size - ohlen - overhead) & (~7);
+	    *max_input_size = (req_output_size - ohlen - overhead)
+		& (~(OM_uint32)7);
 	else
 	    *max_input_size = 0;
     }