2 files changed, 6 insertions, 2 deletions

diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index fda358944..5a5281a35 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -916,6 +916,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, struct pam_data *pd,
         if (kr->keytab == NULL) return ENOMEM;
         p += len;
 
+        SAFEALIGN_COPY_UINT32_CHECK(&pd->authtok_type, buf + p, size, &p);
         SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p);
         if ((p + len) > size) return EINVAL;
         pd->authtok = (uint8_t *)talloc_strndup(pd, (char *)(buf + p), len);
@@ -930,6 +931,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, struct pam_data *pd,
     }
 
     if (pd->cmd == SSS_PAM_CHAUTHTOK) {
+        SAFEALIGN_COPY_UINT32_CHECK(&pd->newauthtok_type, buf + p, size, &p);
         SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p);
 
         if ((p + len) > size) return EINVAL;
diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c
index e708c50cc..9da8a37b1 100644
--- a/src/providers/krb5/krb5_child_handler.c
+++ b/src/providers/krb5/krb5_child_handler.c
@@ -106,12 +106,12 @@ static errno_t create_send_buffer(struct krb5child_req *kr,
     if (kr->pd->cmd == SSS_PAM_AUTHENTICATE ||
         kr->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM ||
         kr->pd->cmd == SSS_PAM_CHAUTHTOK) {
-        buf->size += 3*sizeof(uint32_t) + strlen(kr->ccname) + strlen(keytab) +
+        buf->size += 4*sizeof(uint32_t) + strlen(kr->ccname) + strlen(keytab) +
                      kr->pd->authtok_size;
     }
 
     if (kr->pd->cmd == SSS_PAM_CHAUTHTOK) {
-        buf->size += sizeof(uint32_t) + kr->pd->newauthtok_size;
+        buf->size += 2*sizeof(uint32_t) + kr->pd->newauthtok_size;
     }
 
     if (kr->pd->cmd == SSS_PAM_ACCT_MGMT) {
@@ -145,12 +145,14 @@ static errno_t create_send_buffer(struct krb5child_req *kr,
         SAFEALIGN_SET_UINT32(&buf->data[rp], strlen(keytab), &rp);
         safealign_memcpy(&buf->data[rp], keytab, strlen(keytab), &rp);
 
+        SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->authtok_type, &rp);
         SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->authtok_size, &rp);
         safealign_memcpy(&buf->data[rp], kr->pd->authtok,
                          kr->pd->authtok_size, &rp);
     }
 
     if (kr->pd->cmd == SSS_PAM_CHAUTHTOK) {
+        SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->newauthtok_type, &rp);
         SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->newauthtok_size, &rp);
         safealign_memcpy(&buf->data[rp], kr->pd->newauthtok,
                          kr->pd->newauthtok_size, &rp);