summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/providers/krb5/krb5_child.c2
-rw-r--r--src/providers/krb5/krb5_child_handler.c6
2 files changed, 6 insertions, 2 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c
index fda358944..5a5281a35 100644
--- a/src/providers/krb5/krb5_child.c
+++ b/src/providers/krb5/krb5_child.c
@@ -916,6 +916,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, struct pam_data *pd,
if (kr->keytab == NULL) return ENOMEM;
p += len;
+ SAFEALIGN_COPY_UINT32_CHECK(&pd->authtok_type, buf + p, size, &p);
SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p);
if ((p + len) > size) return EINVAL;
pd->authtok = (uint8_t *)talloc_strndup(pd, (char *)(buf + p), len);
@@ -930,6 +931,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, struct pam_data *pd,
}
if (pd->cmd == SSS_PAM_CHAUTHTOK) {
+ SAFEALIGN_COPY_UINT32_CHECK(&pd->newauthtok_type, buf + p, size, &p);
SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p);
if ((p + len) > size) return EINVAL;
diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c
index e708c50cc..9da8a37b1 100644
--- a/src/providers/krb5/krb5_child_handler.c
+++ b/src/providers/krb5/krb5_child_handler.c
@@ -106,12 +106,12 @@ static errno_t create_send_buffer(struct krb5child_req *kr,
if (kr->pd->cmd == SSS_PAM_AUTHENTICATE ||
kr->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM ||
kr->pd->cmd == SSS_PAM_CHAUTHTOK) {
- buf->size += 3*sizeof(uint32_t) + strlen(kr->ccname) + strlen(keytab) +
+ buf->size += 4*sizeof(uint32_t) + strlen(kr->ccname) + strlen(keytab) +
kr->pd->authtok_size;
}
if (kr->pd->cmd == SSS_PAM_CHAUTHTOK) {
- buf->size += sizeof(uint32_t) + kr->pd->newauthtok_size;
+ buf->size += 2*sizeof(uint32_t) + kr->pd->newauthtok_size;
}
if (kr->pd->cmd == SSS_PAM_ACCT_MGMT) {
@@ -145,12 +145,14 @@ static errno_t create_send_buffer(struct krb5child_req *kr,
SAFEALIGN_SET_UINT32(&buf->data[rp], strlen(keytab), &rp);
safealign_memcpy(&buf->data[rp], keytab, strlen(keytab), &rp);
+ SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->authtok_type, &rp);
SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->authtok_size, &rp);
safealign_memcpy(&buf->data[rp], kr->pd->authtok,
kr->pd->authtok_size, &rp);
}
if (kr->pd->cmd == SSS_PAM_CHAUTHTOK) {
+ SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->newauthtok_type, &rp);
SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->newauthtok_size, &rp);
safealign_memcpy(&buf->data[rp], kr->pd->newauthtok,
kr->pd->newauthtok_size, &rp);