summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/krb5/asn.1/ChangeLog11
-rw-r--r--src/lib/krb5/asn.1/asn1_k_decode.c39
-rw-r--r--src/lib/krb5/asn.1/asn1_k_decode.h2
-rw-r--r--src/lib/krb5/asn.1/asn1_k_encode.c10
-rw-r--r--src/lib/krb5/asn.1/krb5_decode.c15
-rw-r--r--src/lib/krb5/krb/ChangeLog6
-rw-r--r--src/lib/krb5/krb/preauth2.c13
-rw-r--r--src/tests/asn.1/reference_encode.out4
-rw-r--r--src/tests/asn.1/trval_reference.out6
9 files changed, 86 insertions, 20 deletions
diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog
index 21822c9c96..578352bdb0 100644
--- a/src/lib/krb5/asn.1/ChangeLog
+++ b/src/lib/krb5/asn.1/ChangeLog
@@ -1,3 +1,14 @@
+2003-07-22 Sam Hartman <hartmans@avalanche-breakdown.mit.edu>
+
+ * asn1_k_decode.c (asn1_decode_etype_info2_entry_1_3): Decoder for
+ the broken 1.3 ASN.1 behavior for etype_info2; see bug 1681.
+
+ * asn1_k_decode.h (asn1_decode_etype_info2): Add v1_3_behavior
+ flag for parsing the broken 1.3 behavior of using an octetString
+ instead of generalString
+
+ * asn1_k_decode.c (asn1_decode_etype_info2_entry): Expect etype_info2 as generalstring not octetstring
+
2003-07-17 Ken Raeburn <raeburn@mit.edu>
* Makefile.in (LIBNAME) [##WIN16##]: Don't define.
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c
index 147c455bd7..3ffb701fe4 100644
--- a/src/lib/krb5/asn.1/asn1_k_decode.c
+++ b/src/lib/krb5/asn.1/asn1_k_decode.c
@@ -813,6 +813,32 @@ static asn1_error_code asn1_decode_etype_info2_entry(asn1buf *buf, krb5_etype_in
{ begin_structure();
get_field(val->etype,0,asn1_decode_enctype);
if (tagnum == 1) {
+ get_lenfield(val->length,val->salt,1,asn1_decode_generalstring);
+ } else {
+ val->length = KRB5_ETYPE_NO_SALT;
+ val->salt = 0;
+ }
+ if ( tagnum ==2) {
+ krb5_octet *params ;
+ get_lenfield( val->s2kparams.length, params,
+ 2, asn1_decode_octetstring);
+ val->s2kparams.data = ( char *) params;
+ } else {
+ val->s2kparams.data = NULL;
+ val->s2kparams.length = 0;
+ }
+ end_structure();
+ val->magic = KV5M_ETYPE_INFO_ENTRY;
+ }
+ cleanup();
+}
+
+static asn1_error_code asn1_decode_etype_info2_entry_1_3(asn1buf *buf, krb5_etype_info_entry *val )
+{
+ setup();
+ { begin_structure();
+ get_field(val->etype,0,asn1_decode_enctype);
+ if (tagnum == 1) {
get_lenfield(val->length,val->salt,1,asn1_decode_octetstring);
} else {
val->length = KRB5_ETYPE_NO_SALT;
@@ -832,6 +858,8 @@ static asn1_error_code asn1_decode_etype_info2_entry(asn1buf *buf, krb5_etype_in
}
cleanup();
}
+
+
static asn1_error_code asn1_decode_etype_info_entry(asn1buf *buf, krb5_etype_info_entry *val )
{
setup();
@@ -857,9 +885,16 @@ asn1_error_code asn1_decode_etype_info(asn1buf *buf, krb5_etype_info_entry ***va
decode_array_body(krb5_etype_info_entry,asn1_decode_etype_info_entry);
}
-asn1_error_code asn1_decode_etype_info2(asn1buf *buf, krb5_etype_info_entry ***val )
+asn1_error_code asn1_decode_etype_info2(asn1buf *buf, krb5_etype_info_entry ***val ,
+ krb5_boolean v1_3_behavior)
{
- decode_array_body(krb5_etype_info_entry,asn1_decode_etype_info2_entry);
+ if (v1_3_behavior) {
+ decode_array_body(krb5_etype_info_entry,
+ asn1_decode_etype_info2_entry_1_3);
+ } else {
+ decode_array_body(krb5_etype_info_entry,
+ asn1_decode_etype_info2_entry);
+ }
}
asn1_error_code asn1_decode_passwdsequence(asn1buf *buf, passwd_phrase_element *val)
diff --git a/src/lib/krb5/asn.1/asn1_k_decode.h b/src/lib/krb5/asn.1/asn1_k_decode.h
index ebcbe935b5..22e43fd737 100644
--- a/src/lib/krb5/asn.1/asn1_k_decode.h
+++ b/src/lib/krb5/asn.1/asn1_k_decode.h
@@ -186,7 +186,7 @@ asn1_error_code asn1_decode_sequence_of_passwdsequence
asn1_error_code asn1_decode_etype_info
(asn1buf *buf, krb5_etype_info_entry ***val);
asn1_error_code asn1_decode_etype_info2
- (asn1buf *buf, krb5_etype_info_entry ***val);
+ (asn1buf *buf, krb5_etype_info_entry ***val, krb5_boolean v1_3_behavior);
#endif
diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c
index d4ace7818f..325a6ce775 100644
--- a/src/lib/krb5/asn.1/asn1_k_encode.c
+++ b/src/lib/krb5/asn.1/asn1_k_encode.c
@@ -721,10 +721,14 @@ asn1_error_code asn1_encode_etype_info_entry(asn1buf *buf, const krb5_etype_info
if(val->s2kparams.data != NULL)
asn1_addlenfield(val->s2kparams.length, val->s2kparams.data, 2,
asn1_encode_octetstring);
- if (val->length >= 0 && val->length != KRB5_ETYPE_NO_SALT)
+ if (val->length >= 0 && val->length != KRB5_ETYPE_NO_SALT){
+ if (etype_info2)
asn1_addlenfield(val->length,val->salt,1,
- asn1_encode_octetstring);
- asn1_addfield(val->etype,0,asn1_encode_integer);
+ asn1_encode_generalstring)
+ else asn1_addlenfield(val->length,val->salt,1,
+ asn1_encode_octetstring);
+ }
+asn1_addfield(val->etype,0,asn1_encode_integer);
asn1_makeseq();
asn1_cleanup();
diff --git a/src/lib/krb5/asn.1/krb5_decode.c b/src/lib/krb5/asn.1/krb5_decode.c
index 3d2a6a7096..4172c882bf 100644
--- a/src/lib/krb5/asn.1/krb5_decode.c
+++ b/src/lib/krb5/asn.1/krb5_decode.c
@@ -746,11 +746,16 @@ krb5_error_code decode_krb5_etype_info(const krb5_data *code, krb5_etype_info_en
krb5_error_code decode_krb5_etype_info2(const krb5_data *code, krb5_etype_info_entry ***rep)
{
- setup_buf_only();
- *rep = 0;
- retval = asn1_decode_etype_info2(&buf,rep);
- if(retval) clean_return(retval);
- cleanup_none(); /* we're not allocating anything here */
+ setup_buf_only();
+ *rep = 0;
+ retval = asn1_decode_etype_info2(&buf,rep, 0);
+ if (retval == ASN1_BAD_ID) {
+ retval = asn1buf_wrap_data(&buf,code);
+ if(retval) clean_return(retval);
+ retval = asn1_decode_etype_info2(&buf, rep, 1);
+ }
+ if(retval) clean_return(retval);
+ cleanup_none(); /* we're not allocating anything here */
}
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog
index 834169c915..cd27b18ec7 100644
--- a/src/lib/krb5/krb/ChangeLog
+++ b/src/lib/krb5/krb/ChangeLog
@@ -1,3 +1,9 @@
+2003-07-22 Sam Hartman <hartmans@avalanche-breakdown.mit.edu>
+
+ * preauth2.c (krb5_do_preauth): Use the etype_info2 decoder for decoding etype_info2
+ (krb5_do_preauth): If an invalid encoding of etype_info or
+ etype_info2 is received, ignore it rather than failing the request
+
2003-07-17 Ken Raeburn <raeburn@mit.edu>
* Makefile.in (LIBNAME) [##WIN16##]: Don't define.
diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c
index cdce093b8d..6238a8276f 100644
--- a/src/lib/krb5/krb/preauth2.c
+++ b/src/lib/krb5/krb/preauth2.c
@@ -883,13 +883,18 @@ krb5_do_preauth(krb5_context context,
}
}
- if (pa_type == KRB5_PADATA_ETYPE_INFO2)
- seen_etype_info2++;
scratch.length = in_padata[i]->length;
scratch.data = (char *) in_padata[i]->contents;
- ret = decode_krb5_etype_info(&scratch, &etype_info);
+ if (pa_type == KRB5_PADATA_ETYPE_INFO2) {
+ seen_etype_info2++;
+ ret = decode_krb5_etype_info2(&scratch, &etype_info);
+ }
+ else ret = decode_krb5_etype_info(&scratch, &etype_info);
if (ret) {
- goto cleanup;
+ ret = 0; /*Ignore error and etype_info element*/
+ krb5_free_etype_info( context, etype_info);
+ etype_info = NULL;
+ continue;
}
if (etype_info[0] == NULL) {
krb5_free_etype_info(context, etype_info);
diff --git a/src/tests/asn.1/reference_encode.out b/src/tests/asn.1/reference_encode.out
index 0d449d2326..a118c050de 100644
--- a/src/tests/asn.1/reference_encode.out
+++ b/src/tests/asn.1/reference_encode.out
@@ -44,8 +44,8 @@ encode_krb5_alt_method (no data): 30 05 A0 03 02 01 2A
encode_krb5_etype_info: 30 33 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 30 05 A0 03 02 01 01 30 14 A0 03 02 01 02 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 32
encode_krb5_etype_info (only 1): 30 16 30 14 A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30
encode_krb5_etype_info (no info): 30 00
-encode_krb5_etype_info2: 30 51 30 1E A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 A2 08 04 06 73 32 6B 3A 20 30 30 0F A0 03 02 01 01 A2 08 04 06 73 32 6B 3A 20 31 30 1E A0 03 02 01 02 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 32 A2 08 04 06 73 32 6B 3A 20 32
-encode_krb5_etype_info2 (only 1): 30 20 30 1E A0 03 02 01 00 A1 0D 04 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 A2 08 04 06 73 32 6B 3A 20 30
+encode_krb5_etype_info2: 30 51 30 1E A0 03 02 01 00 A1 0D 1B 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 A2 08 04 06 73 32 6B 3A 20 30 30 0F A0 03 02 01 01 A2 08 04 06 73 32 6B 3A 20 31 30 1E A0 03 02 01 02 A1 0D 1B 0B 4D 6F 72 74 6F 6E 27 73 20 23 32 A2 08 04 06 73 32 6B 3A 20 32
+encode_krb5_etype_info2 (only 1): 30 20 30 1E A0 03 02 01 00 A1 0D 1B 0B 4D 6F 72 74 6F 6E 27 73 20 23 30 A2 08 04 06 73 32 6B 3A 20 30
encode_krb5_pa_enc_ts: 30 1A A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40
encode_krb5_pa_enc_ts (no usec): 30 13 A0 11 18 0F 31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A
encode_krb5_enc_data: 30 23 A0 03 02 01 00 A1 03 02 01 05 A2 17 04 15 6B 72 62 41 53 4E 2E 31 20 74 65 73 74 20 6D 65 73 73 61 67 65
diff --git a/src/tests/asn.1/trval_reference.out b/src/tests/asn.1/trval_reference.out
index 4422ad4cbf..95311d3fe2 100644
--- a/src/tests/asn.1/trval_reference.out
+++ b/src/tests/asn.1/trval_reference.out
@@ -1129,14 +1129,14 @@ encode_krb5_etype_info2:
[Sequence/Sequence Of]
. [Sequence/Sequence Of]
. . [0] [Integer] 0
-. . [1] [Octet String] "Morton's #0"
+. . [1] [General string] "Morton's #0"
. . [2] [Octet String] "s2k: 0"
. [Sequence/Sequence Of]
. . [0] [Integer] 1
. . [2] [Octet String] "s2k: 1"
. [Sequence/Sequence Of]
. . [0] [Integer] 2
-. . [1] [Octet String] "Morton's #2"
+. . [1] [General string] "Morton's #2"
. . [2] [Octet String] "s2k: 2"
encode_krb5_etype_info2 (only 1):
@@ -1144,7 +1144,7 @@ encode_krb5_etype_info2 (only 1):
[Sequence/Sequence Of]
. [Sequence/Sequence Of]
. . [0] [Integer] 0
-. . [1] [Octet String] "Morton's #0"
+. . [1] [General string] "Morton's #0"
. . [2] [Octet String] "s2k: 0"
encode_krb5_pa_enc_ts:
generated by cgit (git 2.34.1) at 2024-09-25 08:34:49 +0000