check msg type before decoding

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@481 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 5 insertions, 0 deletions

diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 787c93ab2..b83d95207 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -114,6 +114,8 @@ OLDDECLARG(krb5_ccache, ccache)
 
     /* now decode the reply...could be error or as_rep */
 
+    if (!krb5_is_kdc_rep(&reply))
+	return KRB5KRB_AP_ERR_MSG_TYPE;
     if (retval = decode_krb5_as_rep(&reply, &as_reply)) {
 	if (decode_krb5_error(&reply, &err_reply))
 	    return retval;		/* some other reply--??? */
diff --git a/src/lib/krb5/krb/rd_error.c b/src/lib/krb5/krb/rd_error.c
index bbbee8ae6..6e2e46f9b 100644
--- a/src/lib/krb5/krb/rd_error.c
+++ b/src/lib/krb5/krb/rd_error.c
@@ -19,6 +19,7 @@ static char rcsid_rd_error_c[] =
 
 #include <krb5/krb5.h>
 #include <krb5/asn1.h>
+#include <krb5/krb5_err.h>
 
 #include <krb5/ext-proto.h>
 
@@ -39,6 +40,8 @@ krb5_error *dec_error;
     krb5_error_code retval;
     krb5_error *new_dec_error;
 
+    if (!krb5_is_krb_error(enc_errbuf))
+	return KRB5KRB_AP_ERR_MSG_TYPE;
     if (retval = decode_krb5_error(enc_errbuf, &new_dec_error))
 	return(retval);
     *dec_error = *new_dec_error;