diff options
| author | Zhanna Tsitkov <tsitkova@mit.edu> | 2013-09-19 13:11:15 -0400 |
|---|---|---|
| committer | Zhanna Tsitkov <tsitkova@mit.edu> | 2013-09-23 12:06:47 -0400 |
| commit | 58ea3bdbfe6330225a2d58dfb00ccf1ad70617fe (patch) | |
| tree | 490308667d2787d1d0a28ebb3d8842a90367c5ed | |
| parent | 66b141745fc56bbdb7b738582ba7e1cce1e503c8 (diff) | |
| download | krb5-58ea3bdbfe6330225a2d58dfb00ccf1ad70617fe.tar.gz krb5-58ea3bdbfe6330225a2d58dfb00ccf1ad70617fe.tar.xz krb5-58ea3bdbfe6330225a2d58dfb00ccf1ad70617fe.zip | |
Err codes in KRB_ERROR protocol messages are < 128
If the error code is out of [0,127] range, assign it to KRB_ERR_GENERIC.
This fix is to correct the previous behavior with [0,128] range.
For more information see krb5_err.et
| -rw-r--r-- | src/include/k5-int.h | 1 | ||||
| -rw-r--r-- | src/kadmin/server/schpw.c | 2 | ||||
| -rw-r--r-- | src/kdc/do_as_req.c | 2 | ||||
| -rw-r--r-- | src/kdc/do_tgs_req.c | 2 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/accept_sec_context.c | 2 |
5 files changed, 5 insertions, 4 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h index f84fbd835..d5814d9bb 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -381,6 +381,7 @@ typedef INT64_TYPE krb5_int64; not find a KDC */ #define KRB_AP_ERR_IAKERB_KDC_NO_RESPONSE 86 /* The KDC did not respond to the IAKERB proxy */ +#define KRB_ERR_MAX 127 /* err table base max offset for protocol err codes */ /* * A null-terminated array of this structure is returned by the KDC as diff --git a/src/kadmin/server/schpw.c b/src/kadmin/server/schpw.c index 7f455d864..4a91159e4 100644 --- a/src/kadmin/server/schpw.c +++ b/src/kadmin/server/schpw.c @@ -365,7 +365,7 @@ chpwfail: to mk_error do. */ krberror.error = ret; krberror.error -= ERROR_TABLE_BASE_krb5; - if (krberror.error < 0 || krberror.error > 128) + if (krberror.error < 0 || krberror.error > KRB_ERR_MAX) krberror.error = KRB_ERR_GENERIC; krberror.client = NULL; diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c index 11ba5a283..8790ec403 100644 --- a/src/kdc/do_as_req.c +++ b/src/kdc/do_as_req.c @@ -351,7 +351,7 @@ egress: } if (errcode != KRB5KDC_ERR_DISCARD) { errcode -= ERROR_TABLE_BASE_krb5; - if (errcode < 0 || errcode > 128) + if (errcode < 0 || errcode > KRB_ERR_MAX) errcode = KRB_ERR_GENERIC; errcode = prepare_error_as(state->rstate, state->request, diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c index f047dd8f6..ae5e7572e 100644 --- a/src/kdc/do_tgs_req.c +++ b/src/kdc/do_tgs_req.c @@ -776,7 +776,7 @@ cleanup: got_err = 1; } errcode -= ERROR_TABLE_BASE_krb5; - if (errcode < 0 || errcode > 128) + if (errcode < 0 || errcode > KRB_ERR_MAX) errcode = KRB_ERR_GENERIC; retval = prepare_error_tgs(state, request, header_ticket, errcode, diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index 82bd013c3..9f9b6c679 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -1233,7 +1233,7 @@ fail: memset(&krb_error_data, 0, sizeof(krb_error_data)); code -= ERROR_TABLE_BASE_krb5; - if (code < 0 || code > 128) + if (code < 0 || code > KRB_ERR_MAX) code = 60 /* KRB_ERR_GENERIC */; krb_error_data.error = code; |