FAST: when parsing krb5_child response, make sure to not miss OTP message if it was last onesssd-1.11.2-24.el7

The last message in the stream might be with empty payload which means we get
only message type and message length (0) returned, i.e. 8 bytes left remaining
in the stream after processing preceding message. This makes our calculation at
the end of a message processing loop incorrect -- p+2*sizeof(int32_t) can be
equal to len, after all.

Fixes FAST processing for FreeIPA native OTP case:
https://fedorahosted.org/sssd/ticket/2186

1 files changed, 4 insertions, 3 deletions

diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c
index 92dec0d2a..d6c1dc1f9 100644
--- a/src/providers/krb5/krb5_child_handler.c
+++ b/src/providers/krb5/krb5_child_handler.c
@@ -548,8 +548,9 @@ parse_krb5_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf, ssize_t len,
          * CCACHE_ENV_NAME"=". pref_len also counts the trailing '=' because
          * sizeof() counts the trailing '\0' of a string. */
         pref_len = sizeof(CCACHE_ENV_NAME);
-        if (msg_len > pref_len &&
-            strncmp((const char *) &buf[p], CCACHE_ENV_NAME"=", pref_len) == 0) {
+        if ((msg_type == SSS_PAM_ENV_ITEM) &&
+            (msg_len > pref_len) &&
+            (strncmp((const char *) &buf[p], CCACHE_ENV_NAME"=", pref_len) == 0)) {
             ccname = (char *) &buf[p+pref_len];
             ccname_len = msg_len-pref_len;
         }
@@ -600,7 +601,7 @@ parse_krb5_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf, ssize_t len,
 
         p += msg_len;
 
-        if ((p < len) && (p + 2*sizeof(int32_t) >= len)) {
+        if ((p < len) && (p + 2*sizeof(int32_t) > len)) {
             DEBUG(SSSDBG_CRIT_FAILURE,
                   ("The remainder of the message is too short.\n"));
             return EINVAL;