check msg type before decoding

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@481 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/krb/get_in_tkt.c b/src/lib/krb5/krb/get_in_tkt.c
index 787c93ab2703d70827f28606241b2acf3eb52920..b83d9520738fd6391c5a8c8955c9949be8fcbb50 100644 (file)
--- a/src/lib/krb5/krb/get_in_tkt.c
+++ b/src/lib/krb5/krb/get_in_tkt.c
@@ -114,6 +114,8 @@ OLDDECLARG(krb5_ccache, ccache)
 
     /* now decode the reply...could be error or as_rep */
 
+    if (!krb5_is_kdc_rep(&reply))
+       return KRB5KRB_AP_ERR_MSG_TYPE;
     if (retval = decode_krb5_as_rep(&reply, &as_reply)) {
        if (decode_krb5_error(&reply, &err_reply))
            return retval;              /* some other reply--??? */

diff --git a/src/lib/krb5/krb/rd_error.c b/src/lib/krb5/krb/rd_error.c
index bbbee8ae6d11ed617014f6826d1f8d913bfa920a..6e2e46f9bca64e4a131eb4396fb39e1a00c476d9 100644 (file)
--- a/src/lib/krb5/krb/rd_error.c
+++ b/src/lib/krb5/krb/rd_error.c
@@ -19,6 +19,7 @@ static char rcsid_rd_error_c[] =
 
 #include <krb5/krb5.h>
 #include <krb5/asn1.h>
+#include <krb5/krb5_err.h>
 
 #include <krb5/ext-proto.h>
 
@@ -39,6 +40,8 @@ krb5_error *dec_error;
     krb5_error_code retval;
     krb5_error *new_dec_error;
 
+    if (!krb5_is_krb_error(enc_errbuf))
+       return KRB5KRB_AP_ERR_MSG_TYPE;
     if (retval = decode_krb5_error(enc_errbuf, &new_dec_error))
        return(retval);
     *dec_error = *new_dec_error;