summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexander Bokovoy <ab@samba.org>2013-12-24 13:01:46 +0200
committerJakub Hrozek <jhrozek@redhat.com>2014-01-09 10:34:28 +0100
commitfe521d1ad610920ce5411589a158157d6a5f0794 (patch)
treefb26313de337116d2122bbddf963369ee9afc505
parent850f7b6ce4a0f3faa168d6ded2467585065436e6 (diff)
downloadsssd-fe521d1ad610920ce5411589a158157d6a5f0794.tar.gz
sssd-fe521d1ad610920ce5411589a158157d6a5f0794.tar.xz
sssd-fe521d1ad610920ce5411589a158157d6a5f0794.zip
FAST: when parsing krb5_child response, make sure to not miss OTP message if it was last one
The last message in the stream might be with empty payload which means we get only message type and message length (0) returned, i.e. 8 bytes left remaining in the stream after processing preceding message. This makes our calculation at the end of a message processing loop incorrect -- p+2*sizeof(int32_t) can be equal to len, after all. Fixes FAST processing for FreeIPA native OTP case: https://fedorahosted.org/sssd/ticket/2186
Diffstat
-rw-r--r--src/providers/krb5/krb5_child_handler.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c
index d582d3f73..c872b402d 100644
--- a/src/providers/krb5/krb5_child_handler.c
+++ b/src/providers/krb5/krb5_child_handler.c
@@ -548,8 +548,9 @@ parse_krb5_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf, ssize_t len,
* CCACHE_ENV_NAME"=". pref_len also counts the trailing '=' because
* sizeof() counts the trailing '\0' of a string. */
pref_len = sizeof(CCACHE_ENV_NAME);
- if (msg_len > pref_len &&
- strncmp((const char *) &buf[p], CCACHE_ENV_NAME"=", pref_len) == 0) {
+ if ((msg_type == SSS_PAM_ENV_ITEM) &&
+ (msg_len > pref_len) &&
+ (strncmp((const char *) &buf[p], CCACHE_ENV_NAME"=", pref_len) == 0)) {
ccname = (char *) &buf[p+pref_len];
ccname_len = msg_len-pref_len;
}
@@ -600,7 +601,7 @@ parse_krb5_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf, ssize_t len,
p += msg_len;
- if ((p < len) && (p + 2*sizeof(int32_t) >= len)) {
+ if ((p < len) && (p + 2*sizeof(int32_t) > len)) {
DEBUG(SSSDBG_CRIT_FAILURE,
("The remainder of the message is too short.\n"));
return EINVAL;
generated by cgit (git 2.34.1) at 2024-06-19 18:57:56 +0000