-rw-r--r-- | src/providers/krb5/krb5_child.c | 2 | ||||
-rw-r--r-- | src/providers/krb5/krb5_child_handler.c | 6 |
2 files changed, 6 insertions, 2 deletions
diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index fda358944..5a5281a35 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c @@ -916,6 +916,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, struct pam_data *pd, if (kr->keytab == NULL) return ENOMEM; p += len; + SAFEALIGN_COPY_UINT32_CHECK(&pd->authtok_type, buf + p, size, &p); SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p); if ((p + len) > size) return EINVAL; pd->authtok = (uint8_t *)talloc_strndup(pd, (char *)(buf + p), len); @@ -930,6 +931,7 @@ static errno_t unpack_buffer(uint8_t *buf, size_t size, struct pam_data *pd, } if (pd->cmd == SSS_PAM_CHAUTHTOK) { + SAFEALIGN_COPY_UINT32_CHECK(&pd->newauthtok_type, buf + p, size, &p); SAFEALIGN_COPY_UINT32_CHECK(&len, buf + p, size, &p); if ((p + len) > size) return EINVAL; diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c index e708c50cc..9da8a37b1 100644 --- a/src/providers/krb5/krb5_child_handler.c +++ b/src/providers/krb5/krb5_child_handler.c @@ -106,12 +106,12 @@ static errno_t create_send_buffer(struct krb5child_req *kr, if (kr->pd->cmd == SSS_PAM_AUTHENTICATE || kr->pd->cmd == SSS_PAM_CHAUTHTOK_PRELIM || kr->pd->cmd == SSS_PAM_CHAUTHTOK) { - buf->size += 3*sizeof(uint32_t) + strlen(kr->ccname) + strlen(keytab) + + buf->size += 4*sizeof(uint32_t) + strlen(kr->ccname) + strlen(keytab) + kr->pd->authtok_size; } if (kr->pd->cmd == SSS_PAM_CHAUTHTOK) { - buf->size += sizeof(uint32_t) + kr->pd->newauthtok_size; + buf->size += 2*sizeof(uint32_t) + kr->pd->newauthtok_size; } if (kr->pd->cmd == SSS_PAM_ACCT_MGMT) { 
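Review bot: The new `pd->authtok_type` read in unpack_buffer is bounds-checked by SAFEALIGN_COPY_UINT32_CHECK, but the value itself is stored exactly as received, and the same holds for `pd->newauthtok_type` in the SSS_PAM_CHAUTHTOK hunk at -930,6. If later code in the child branches on the type, an unrecognised value should be rejected here with EINVAL rather than carried forward; unpack_buffer starts and ends outside both hunks, so whether such a check exists further down is not visible. The token is also still copied with `talloc_strndup`, which stops at the first NUL, so a token type that is not a plain string would be shortened while `len` says otherwise. A comment such as `/* authtok is copied as a C string; only NUL-free token types are supported */` would make that limit explicit.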
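Review bot: The literal multipliers in create_send_buffer (`4*sizeof(uint32_t)` and `2*sizeof(uint32_t)`) must be kept in step by hand with the number of SAFEALIGN writes in the packing hunk at -145,12, and an undercount would let the packing write past the size computed here. A comment naming the counted fields, e.g. `/* uint32_t fields: ccname len, keytab len, authtok type, authtok len */`, would make the pairing checkable at a glance; the ccname length field is inferred from `strlen(kr->ccname)`, since its write is outside the hunk. If the function does not already compare `rp` with `buf->size` after packing (not visible here), adding that comparison before returning would catch any future drift between the two places.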
@@ -145,12 +145,14 @@ static errno_t create_send_buffer(struct krb5child_req *kr, SAFEALIGN_SET_UINT32(&buf->data[rp], strlen(keytab), &rp); safealign_memcpy(&buf->data[rp], keytab, strlen(keytab), &rp); + SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->authtok_type, &rp); SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->authtok_size, &rp); safealign_memcpy(&buf->data[rp], kr->pd->authtok, kr->pd->authtok_size, &rp); } if (kr->pd->cmd == SSS_PAM_CHAUTHTOK) { + SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->newauthtok_type, &rp); SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->newauthtok_size, &rp); safealign_memcpy(&buf->data[rp], kr->pd->newauthtok, kr->pd->newauthtok_size, &rp); |
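Review bot: `SAFEALIGN_COPY_UINT32(&buf->data[rp], &kr->pd->authtok_type, &rp)` copies four bytes from the address of the field, and the child side writes four bytes back into `pd->authtok_type`, so both ends rely on the field being exactly 32 bits wide. Its declaration is not part of this diff; if it is an enum or a plain int, a compile-time size check near the packing code would pin that assumption, for example `_Static_assert(sizeof(kr->pd->authtok_type) == sizeof(uint32_t), "authtok_type must be 32 bits");` where C11 is available. The same applies to `newauthtok_type` in the SSS_PAM_CHAUTHTOK branch. create_send_buffer continues outside the hunk.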