| author | Sam Hartman <hartmans@mit.edu> | 2003-07-22 22:27:34 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2003-07-22 22:27:34 +0000 |
| commit | de3dc2e43ee4313d44399a65b837eab84ccc7949 (patch) | |
| tree | 25f5d1d47b74c28cca0154522a7030d0c85ebe58 /src/lib | |
| parent | 927a9279aa2c05f350c781a80b41f3485c790118 (diff) | |
Send generalstring not octetstring in etype_info2. Accept either
form.
Also, if an etype_info fails to decode, skip it rather than failing to
process the AS reply.
Ticket: 1681
Tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15723 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/krb5/asn.1/ChangeLog | 11 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_k_decode.c | 39 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_k_decode.h | 2 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_k_encode.c | 10 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/krb5_decode.c | 15 | ||||
| -rw-r--r-- | src/lib/krb5/krb/ChangeLog | 6 | ||||
| -rw-r--r-- | src/lib/krb5/krb/preauth2.c | 13 |
7 files changed, 81 insertions, 15 deletions
diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog index 21822c9c9..578352bdb 100644 --- a/src/lib/krb5/asn.1/ChangeLog +++ b/src/lib/krb5/asn.1/ChangeLog @@ -1,3 +1,14 @@ +2003-07-22 Sam Hartman <hartmans@avalanche-breakdown.mit.edu> + + * asn1_k_decode.c (asn1_decode_etype_info2_entry_1_3): Decoder for + the broken 1.3 ASN.1 behavior for etype_info2; see bug 1681. + + * asn1_k_decode.h (asn1_decode_etype_info2): Add v1_3_behavior + flag for parsing the broken 1.3 behavior of using an octetString + instead of generalString + + * asn1_k_decode.c (asn1_decode_etype_info2_entry): Expect etype_info2 as generalstring not octetstring + 2003-07-17 Ken Raeburn <raeburn@mit.edu> * Makefile.in (LIBNAME) [##WIN16##]: Don't define. diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c index 147c455bd..3ffb701fe 100644 --- a/src/lib/krb5/asn.1/asn1_k_decode.c +++ b/src/lib/krb5/asn.1/asn1_k_decode.c @@ -813,6 +813,32 @@ static asn1_error_code asn1_decode_etype_info2_entry(asn1buf *buf, krb5_etype_in { begin_structure(); get_field(val->etype,0,asn1_decode_enctype); if (tagnum == 1) { + get_lenfield(val->length,val->salt,1,asn1_decode_generalstring); + } else { + val->length = KRB5_ETYPE_NO_SALT; + val->salt = 0; + } + if ( tagnum ==2) { + krb5_octet *params ; + get_lenfield( val->s2kparams.length, params, + 2, asn1_decode_octetstring); + val->s2kparams.data = ( char *) params; + } else { + val->s2kparams.data = NULL; + val->s2kparams.length = 0; + } + end_structure(); + val->magic = KV5M_ETYPE_INFO_ENTRY; + } + cleanup(); +} + +static asn1_error_code asn1_decode_etype_info2_entry_1_3(asn1buf *buf, krb5_etype_info_entry *val ) +{ + setup(); + { begin_structure(); + get_field(val->etype,0,asn1_decode_enctype); + if (tagnum == 1) { get_lenfield(val->length,val->salt,1,asn1_decode_octetstring); } else { val->length = KRB5_ETYPE_NO_SALT; 
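Review bot: asn1_decode_etype_info2_entry_1_3 is a copy of asn1_decode_etype_info2_entry apart from the salt decoder, and nothing at its definition says why it exists. A header comment such as `/* Compat: accepts the salt as an octet string, the broken encoding sent by 1.3 (ticket 1681); the correct form is a general string. */` would stop the two copies drifting apart and stop the compat one being removed by mistake. If the setup()/get_lenfield macros allow it, a shared helper that takes the salt decoder as a parameter would remove the duplication, but their definitions are outside this hunk.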
@@ -832,6 +858,8 @@ static asn1_error_code asn1_decode_etype_info2_entry(asn1buf *buf, krb5_etype_in } cleanup(); } + + static asn1_error_code asn1_decode_etype_info_entry(asn1buf *buf, krb5_etype_info_entry *val ) { setup(); @@ -857,9 +885,16 @@ asn1_error_code asn1_decode_etype_info(asn1buf *buf, krb5_etype_info_entry ***va decode_array_body(krb5_etype_info_entry,asn1_decode_etype_info_entry); } -asn1_error_code asn1_decode_etype_info2(asn1buf *buf, krb5_etype_info_entry ***val ) +asn1_error_code asn1_decode_etype_info2(asn1buf *buf, krb5_etype_info_entry ***val , + krb5_boolean v1_3_behavior) { - decode_array_body(krb5_etype_info_entry,asn1_decode_etype_info2_entry); + if (v1_3_behavior) { + decode_array_body(krb5_etype_info_entry, + asn1_decode_etype_info2_entry_1_3); + } else { + decode_array_body(krb5_etype_info_entry, + asn1_decode_etype_info2_entry); + } } asn1_error_code asn1_decode_passwdsequence(asn1buf *buf, passwd_phrase_element *val) diff --git a/src/lib/krb5/asn.1/asn1_k_decode.h b/src/lib/krb5/asn.1/asn1_k_decode.h index ebcbe935b..22e43fd73 100644 --- a/src/lib/krb5/asn.1/asn1_k_decode.h +++ b/src/lib/krb5/asn.1/asn1_k_decode.h @@ -186,7 +186,7 @@ asn1_error_code asn1_decode_sequence_of_passwdsequence asn1_error_code asn1_decode_etype_info (asn1buf *buf, krb5_etype_info_entry ***val); asn1_error_code asn1_decode_etype_info2 - (asn1buf *buf, krb5_etype_info_entry ***val); + (asn1buf *buf, krb5_etype_info_entry ***val, krb5_boolean v1_3_behavior); #endif diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c index d4ace7818..325a6ce77 100644 --- a/src/lib/krb5/asn.1/asn1_k_encode.c +++ b/src/lib/krb5/asn.1/asn1_k_encode.c 
@@ -721,10 +721,14 @@ asn1_error_code asn1_encode_etype_info_entry(asn1buf *buf, const krb5_etype_info if(val->s2kparams.data != NULL) asn1_addlenfield(val->s2kparams.length, val->s2kparams.data, 2, asn1_encode_octetstring); - if (val->length >= 0 && val->length != KRB5_ETYPE_NO_SALT) + if (val->length >= 0 && val->length != KRB5_ETYPE_NO_SALT){ + if (etype_info2) asn1_addlenfield(val->length,val->salt,1, - asn1_encode_octetstring); - asn1_addfield(val->etype,0,asn1_encode_integer); + asn1_encode_generalstring) + else asn1_addlenfield(val->length,val->salt,1, + asn1_encode_octetstring); + } +asn1_addfield(val->etype,0,asn1_encode_integer); asn1_makeseq(); asn1_cleanup(); diff --git a/src/lib/krb5/asn.1/krb5_decode.c b/src/lib/krb5/asn.1/krb5_decode.c index 3d2a6a709..4172c882b 100644 --- a/src/lib/krb5/asn.1/krb5_decode.c +++ b/src/lib/krb5/asn.1/krb5_decode.c @@ -746,11 +746,16 @@ krb5_error_code decode_krb5_etype_info(const krb5_data *code, krb5_etype_info_en krb5_error_code decode_krb5_etype_info2(const krb5_data *code, krb5_etype_info_entry ***rep) { - setup_buf_only(); - *rep = 0; - retval = asn1_decode_etype_info2(&buf,rep); - if(retval) clean_return(retval); - cleanup_none(); /* we're not allocating anything here */ + setup_buf_only(); + *rep = 0; + retval = asn1_decode_etype_info2(&buf,rep, 0); + if (retval == ASN1_BAD_ID) { + retval = asn1buf_wrap_data(&buf,code); + if(retval) clean_return(retval); + retval = asn1_decode_etype_info2(&buf, rep, 1); + } + if(retval) clean_return(retval); + cleanup_none(); /* we're not allocating anything here */ } diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 834169c91..cd27b18ec 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog 
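Review bot: In asn1_encode_etype_info_entry the new `if (etype_info2) asn1_addlenfield(...) else asn1_addlenfield(...)` has no terminator before `else`, so it only compiles if the macro happens to expand to a braced block. The macro definition is not visible here, but any later change to it would silently alter which statement the `else` binds to in an encoder whose output goes on the wire. Bracing both arms removes that dependency: `if (etype_info2) { asn1_addlenfield(val->length,val->salt,1,asn1_encode_generalstring); } else { asn1_addlenfield(val->length,val->salt,1,asn1_encode_octetstring); }`. The following `asn1_addfield(val->etype,0,asn1_encode_integer);` was also moved to column 0 and should keep the block's indent. The function body starts and ends outside the hunk.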
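Review bot: In decode_krb5_etype_info2 the retry after `ASN1_BAD_ID` re-wraps the buffer but does not reset `*rep`, so the second `asn1_decode_etype_info2(&buf, rep, 1)` starts from whatever the failed first pass left there. Whether decode_array_body stores or frees a partial array on error is not visible in this diff; if it can leave one behind, the retry would leak it or hand the caller a stale pointer when the retry also fails. Adding `*rep = 0;` before the second call, once the failure path is confirmed to release its partial result, makes the fallback independent of the first attempt. A one-line comment that the retry exists only for the 1.3 octet-string salt would also help, since `ASN1_BAD_ID` can presumably come from any mis-tagged field in this network-supplied data.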
@@ -1,3 +1,9 @@ +2003-07-22 Sam Hartman <hartmans@avalanche-breakdown.mit.edu> + + * preauth2.c (krb5_do_preauth): Use the etype_info2 decoder for decoding etype_info2 + (krb5_do_preauth): If an invalid encoding of etype_info or + etype_info2 is received, ignore it rather than failing the request + 2003-07-17 Ken Raeburn <raeburn@mit.edu> * Makefile.in (LIBNAME) [##WIN16##]: Don't define. diff --git a/src/lib/krb5/krb/preauth2.c b/src/lib/krb5/krb/preauth2.c index cdce093b8..6238a8276 100644 --- a/src/lib/krb5/krb/preauth2.c +++ b/src/lib/krb5/krb/preauth2.c @@ -883,13 +883,18 @@ krb5_do_preauth(krb5_context context, } } - if (pa_type == KRB5_PADATA_ETYPE_INFO2) - seen_etype_info2++; scratch.length = in_padata[i]->length; scratch.data = (char *) in_padata[i]->contents; - ret = decode_krb5_etype_info(&scratch, &etype_info); + if (pa_type == KRB5_PADATA_ETYPE_INFO2) { + seen_etype_info2++; + ret = decode_krb5_etype_info2(&scratch, &etype_info); + } + else ret = decode_krb5_etype_info(&scratch, &etype_info); if (ret) { - goto cleanup; + ret = 0; /*Ignore error and etype_info element*/ + krb5_free_etype_info( context, etype_info); + etype_info = NULL; + continue; } if (etype_info[0] == NULL) { krb5_free_etype_info(context, etype_info); |
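Review bot: The new error branch in krb5_do_preauth calls `krb5_free_etype_info(context, etype_info)` after a failed decode. That is safe only if every decoder failure leaves `etype_info` either NULL or a well-formed array, and if the free routine tolerates NULL. The decoders visible in this commit set `*rep = 0` on entry, but their error paths and the free routine are outside the diff, so that contract should be confirmed and stated in a comment here. The padata being decoded comes from the network, and a malformed element is now dropped with no trace. A comment such as `/* Interop (ticket 1681): skip an undecodable etype_info/etype_info2; the code below must cope with none being present. */` would record why. The function starts and ends outside the hunk.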
