compare network addreses

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1998 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c
index 0f9781090e6747f9e9f89b256520bfc32e84952d..5a7e08a22ac116856c8e60bf98a30acb9ee1f321 100644 (file)
--- a/src/lib/krb5/krb/rd_priv.c
+++ b/src/lib/krb5/krb/rd_priv.c
@@ -166,6 +166,11 @@ OLDDECLARG(krb5_data *, outbuf)
            cleanup_mesg();  
            return KRB5_RC_REQUIRED;
        }
+       if (!krb5_address_compare(sender_addr, privmsg_enc_part->s_address)) {
+           cleanup_data();
+           cleanup_mesg();
+           return KRB5KRB_AP_ERR_BADADDR;
+       }
        if (retval = krb5_gen_replay_name(sender_addr, "_priv",
                                          &replay.client)) {
            cleanup_data();
@@ -207,7 +212,6 @@ OLDDECLARG(krb5_data *, outbuf)
        }
        krb5_free_address(our_addrs);
     }
-    /* XXX check sender's address */
 
     /* everything is ok - return data to the user */
 

diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c
index f27e71ea4b9db5bbd97ffc3750b4b0424260db6b..5588010bc7069ee19b28e0be58eef2d7c07558de 100644 (file)
--- a/src/lib/krb5/krb/rd_safe.c
+++ b/src/lib/krb5/krb/rd_safe.c
@@ -87,6 +87,10 @@ krb5_data *outbuf;
            cleanup();
            return KRB5_RC_REQUIRED;
        }
+       if (!krb5_address_compare(sender_addr, message->s_address)) {
+           cleanup();
+           return KRB5KRB_AP_ERR_BADADDR;
+       }
        if (retval = krb5_gen_replay_name(sender_addr, "_safe",
                                          &replay.client)) {
            cleanup();
@@ -124,8 +128,6 @@ krb5_data *outbuf;
        krb5_free_address(our_addrs);
     }
 
-    /* XXX check sender's address */
-
     /* verify the checksum */
     /* to do the checksum stuff, we need to re-encode the message with a
        zero-length zero-type checksum, then checksum the encoding, and verify.