-rw-r--r--src/lib/krb5/krb/rd_priv.c6
-rw-r--r--src/lib/krb5/krb/rd_safe.c6
2 files changed, 9 insertions, 3 deletions
diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c
index 0f9781090..5a7e08a22 100644
--- a/src/lib/krb5/krb/rd_priv.c
+++ b/src/lib/krb5/krb/rd_priv.c
@@ -166,6 +166,11 @@ OLDDECLARG(krb5_data *, outbuf)
cleanup_mesg();
return KRB5_RC_REQUIRED;
}
+ if (!krb5_address_compare(sender_addr, privmsg_enc_part->s_address)) {
+ cleanup_data();
+ cleanup_mesg();
+ return KRB5KRB_AP_ERR_BADADDR;
+ }
if (retval = krb5_gen_replay_name(sender_addr, "_priv",
&replay.client)) {
cleanup_data();
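Review bot: The new `krb5_address_compare(sender_addr, privmsg_enc_part->s_address)` check is placed next to the `KRB5_RC_REQUIRED` return, but the `/* XXX check sender's address */` marker it replaces sat about forty lines later, after the block that closes with `krb5_free_address(our_addrs); }` and directly before the "everything is ok" return. The enclosing function and any conditional around line 166 begin outside this hunk, so this cannot be confirmed here. If the insertion point is inside a branch that runs only when replay-cache checking is in effect, messages that skip that branch would reach the caller with no sender-address validation. In that case the comparison should be hoisted to a point that runs unconditionally once the message is decoded, with a short comment such as `/* reject messages whose s_address does not match the expected sender */`. The same placement question applies to the rd_safe.c hunk at -87,6, where the check uses `message->s_address`.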
@@ -207,7 +212,6 @@ OLDDECLARG(krb5_data *, outbuf)
}
krb5_free_address(our_addrs);
}
- /* XXX check sender's address */
/* everything is ok - return data to the user */
diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c
index f27e71ea4..5588010bc 100644
--- a/src/lib/krb5/krb/rd_safe.c
+++ b/src/lib/krb5/krb/rd_safe.c
@@ -87,6 +87,10 @@ krb5_data *outbuf;
cleanup();
return KRB5_RC_REQUIRED;
}
+ if (!krb5_address_compare(sender_addr, message->s_address)) {
+ cleanup();
+ return KRB5KRB_AP_ERR_BADADDR;
+ }
if (retval = krb5_gen_replay_name(sender_addr, "_safe",
&replay.client)) {
cleanup();
@@ -124,8 +128,6 @@ krb5_data *outbuf;
krb5_free_address(our_addrs);
}
- /* XXX check sender's address */
-
/* verify the checksum */
/* to do the checksum stuff, we need to re-encode the message with a
zero-length zero-type checksum, then checksum the encoding, and verify.