authorGreg Hudson <ghudson@mit.edu>2010-01-04 17:00:23 +0000
committerGreg Hudson <ghudson@mit.edu>2010-01-04 17:00:23 +0000
commit3d43471fa202846d68d32548d6cd027c25c97363 (patch)
tree92b7873ca036adc06a41888a5a82518a3ca0a550 /src/lib
parent0032360557cdac7a52615a19c0533d59dd289d33 (diff)
Don't accept AS replies encrypted in enctypes other than the ones we
asked for. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23577 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/krb5/krb/get_in_tkt.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 87521c594..ab92ee115 100644
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -1730,6 +1730,19 @@ negotiation_requests_restart(krb5_context context, krb5_init_creds_context ctx,
return 0;
}
+/* Ensure that the reply enctype was among the requested enctypes. */
+static krb5_error_code
+check_reply_enctype(krb5_init_creds_context ctx)
+{
+ int i;
+
+ for (i = 0; i < ctx->request->nktypes; i++) {
+ if (ctx->request->ktype[i] == ctx->reply->enc_part.enctype)
+ return 0;
+ }
+ return KRB5_CONFIG_ETYPE_NOSUPP;
+}
+
static krb5_error_code
init_creds_step_reply(krb5_context context,
krb5_init_creds_context ctx,
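Review bot: check_reply_enctype reports a mismatch as KRB5_CONFIG_ETYPE_NOSUPP, which reads as a local configuration problem, so a caller or log reader cannot tell a rejected (possibly forged or downgraded) reply from a misconfigured enctype list. If no more specific error code is available, the header comment should say so, for example `/* Ensure that the reply enctype was among the requested enctypes; a mismatch is returned as KRB5_CONFIG_ETYPE_NOSUPP even though it may indicate a forged reply. */`. The helper compares only `ctx->reply->enc_part.enctype`; whether the session-key enctype carried inside the decrypted part is also checked against the request is not visible in this hunk.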
@@ -1820,6 +1833,11 @@ init_creds_step_reply(krb5_context context,
/* We have a response. Process it. */
assert(ctx->reply != NULL);
+ /* Check for replies (likely forged) with unasked-for enctypes. */
+ code = check_reply_enctype(ctx);
+ if (code != 0)
+ goto cleanup;
+
/* process any preauth data in the as_reply */
krb5_clear_preauth_context_use_counts(context);
code = krb5int_fast_process_response(context, ctx->fast_state,
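Review bot: The new comment on the `check_reply_enctype(ctx)` call does not say why the check has to sit ahead of the preauth and FAST processing that follows, and that ordering is what gives the check its value. I would spell it out so a later refactor does not move it, for example `/* Reject replies (likely forged) with unasked-for enctypes before any preauth or decryption step acts on enc_part.enctype. */`. The call also becomes the first dereference of `ctx->reply` and `ctx->request` after `assert(ctx->reply != NULL)`, which compiles out under NDEBUG. Presumably earlier code in init_creds_step_reply guarantees both are set, but that part of the function is outside the hunk.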