diff options
| author | John Kohl <jtkohl@mit.edu> | 1991-01-03 17:37:29 +0000 |
|---|---|---|
| committer | John Kohl <jtkohl@mit.edu> | 1991-01-03 17:37:29 +0000 |
| commit | f7997b606f624c2152a710ce45104aabdb4250f2 (patch) | |
| tree | c0279f163d40df3ce7a0c2f25f2e8a224ff152e4 /src | |
| parent | 95ca003adc3b0709707c002603ff88b33c01427b (diff) | |
| download | krb5-f7997b606f624c2152a710ce45104aabdb4250f2.tar.gz krb5-f7997b606f624c2152a710ce45104aabdb4250f2.tar.xz krb5-f7997b606f624c2152a710ce45104aabdb4250f2.zip | |
make sure ap_req checksum is collision proof,
and do better error message returns.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1612 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/kdc/kdc_util.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index fc4b11709..8fa33bc6b 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -150,7 +150,10 @@ krb5_ticket **ticket; if (retval = decode_krb5_ap_req(&scratch2, &apreq)) return retval; -#define cleanup_apreq() {krb5_free_ap_req(apreq); *ticket = 0;} + *ticket = apreq->ticket; + + /* the caller will free the ticket when cleaning up */ +#define cleanup_apreq() {apreq->ticket = 0; krb5_free_ap_req(apreq);} #ifdef notdef /* XXX why copy here? */ @@ -225,6 +228,13 @@ krb5_ticket **ticket; cleanup_apreq(); return KRB5KDC_ERR_SUMTYPE_NOSUPP; } + /* must be collision proof */ + if (!is_coll_proof_cksum(our_cksum.checksum_type)) { + krb5_free_authenticator(authdat.authenticator); + krb5_free_ticket(authdat.ticket); + cleanup_apreq(); + return KRB5KRB_AP_ERR_INAPP_CKSUM; + } /* check application checksum vs. tgs request */ if (!(our_cksum.contents = (krb5_octet *) @@ -275,9 +285,7 @@ krb5_ticket **ticket; /* ticket already filled in by rd_req_dec, so free the ticket */ krb5_free_ticket(authdat.ticket); - *ticket = apreq->ticket; - apreq->ticket = 0; - krb5_free_ap_req(apreq); + cleanup_apreq(); return 0; } |