Always check the sender and receiver addresses. If the receiver is null

author Theodore Tso <tytso@mit.edu>

Thu, 2 Jun 1994 16:43:33 +0000 (16:43 +0000)

committer Theodore Tso <tytso@mit.edu>

Thu, 2 Jun 1994 16:43:33 +0000 (16:43 +0000)
author Theodore Tso <tytso@mit.edu>
Thu, 2 Jun 1994 16:43:33 +0000 (16:43 +0000)
committer Theodore Tso <tytso@mit.edu>
Thu, 2 Jun 1994 16:43:33 +0000 (16:43 +0000)
diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c

index 1e51f937b1db8c22df1945d5e2242ff0f022889e..f069d327223c961e17b6ca7e12c3bbf988e66212 100644 (file)
--- a/src/lib/krb5/krb/rd_priv.c
+++ b/src/lib/krb5/krb/rd_priv.c
@@ -180,17 +180,6 @@ OLDDECLARG(krb5_data *, outbuf)
             cleanup_mesg();  
             return KRB5_RC_REQUIRED;
         }
-       if (!krb5_address_compare(sender_addr, privmsg_enc_part->s_address)) {
-           cleanup_data();
-           cleanup_mesg();
-           return KRB5KRB_AP_ERR_BADADDR;
-       }
-       if (recv_addr && privmsg_enc_part->r_address &&
-           !krb5_address_compare(recv_addr, privmsg_enc_part->r_address)) {
-           cleanup_data();
-           cleanup_mesg();
-           return KRB5KRB_AP_ERR_BADADDR;
-       }           
         if (retval = krb5_gen_replay_name(sender_addr, "_priv",
                                           &replay.client)) {
             cleanup_data();
@@ -216,21 +205,36 @@ OLDDECLARG(krb5_data *, outbuf)
             return KRB5KRB_AP_ERR_BADORDER;
         }
  
+    if (!krb5_address_compare(sender_addr, privmsg_enc_part->s_address)) {
+       cleanup_data();
+       cleanup_mesg();
+       return KRB5KRB_AP_ERR_BADADDR;
+    }
+    
      if (privmsg_enc_part->r_address) {
-       krb5_address **our_addrs;
+       if (recv_addr) {
+           if (!krb5_address_compare(recv_addr,
+                                     privmsg_enc_part->r_address)) {
+               cleanup_data();
+               cleanup_mesg();
+               return KRB5KRB_AP_ERR_BADADDR;
+           }
+       } else {
+           krb5_address **our_addrs;
         
-       if (retval = krb5_os_localaddr(&our_addrs)) {
-           cleanup_data();
-           cleanup_mesg();
-           return retval;
-       }
-       if (!krb5_address_search(privmsg_enc_part->r_address, our_addrs)) {
+           if (retval = krb5_os_localaddr(&our_addrs)) {
+               cleanup_data();
+               cleanup_mesg();
+               return retval;
+           }
+           if (!krb5_address_search(privmsg_enc_part->r_address, our_addrs)) {
+               krb5_free_addresses(our_addrs);
+               cleanup_data();
+               cleanup_mesg();
+               return KRB5KRB_AP_ERR_BADADDR;
+           }
             krb5_free_addresses(our_addrs);
-           cleanup_data();
-           cleanup_mesg();
-           return KRB5KRB_AP_ERR_BADADDR;
         }
-       krb5_free_addresses(our_addrs);
      }
  
      /* everything is ok - return data to the user */
diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c

index b884e1660e44483e35babfd7de08de0090383066..c59de80d44e7009ffd7fda9db4329cb4ea5f4bb0 100644 (file)
--- a/src/lib/krb5/krb/rd_safe.c
+++ b/src/lib/krb5/krb/rd_safe.c
@@ -105,15 +105,6 @@ krb5_data *outbuf;
             cleanup();
             return KRB5_RC_REQUIRED;
         }
-       if (!krb5_address_compare(sender_addr, message->s_address)) {
-           cleanup();
-           return KRB5KRB_AP_ERR_BADADDR;
-       }
-       if (recv_addr && message->r_address &&
-           !krb5_address_compare(recv_addr, message->r_address)) {
-           cleanup();
-           return KRB5KRB_AP_ERR_BADADDR;
-       }           
         if (retval = krb5_gen_replay_name(sender_addr, "_safe",
                                           &replay.client)) {
             cleanup();
@@ -136,19 +127,31 @@ krb5_data *outbuf;
             return KRB5KRB_AP_ERR_BADORDER;
         }
  
+    if (!krb5_address_compare(sender_addr, message->s_address)) {
+       cleanup();
+       return KRB5KRB_AP_ERR_BADADDR;
+    }
+
      if (message->r_address) {
-       krb5_address **our_addrs;
+       if (recv_addr) {
+           if (!krb5_address_compare(recv_addr, message->r_address)) {
+               cleanup();
+               return KRB5KRB_AP_ERR_BADADDR;
+           }
+       } else {
+           krb5_address **our_addrs;
         
-       if (retval = krb5_os_localaddr(&our_addrs)) {
-           cleanup();
-           return retval;
-       }
-       if (!krb5_address_search(message->r_address, our_addrs)) {
+           if (retval = krb5_os_localaddr(&our_addrs)) {
+               cleanup();
+               return retval;
+           }
+           if (!krb5_address_search(message->r_address, our_addrs)) {
+               krb5_free_addresses(our_addrs);
+               cleanup();
+               return KRB5KRB_AP_ERR_BADADDR;
+           }
             krb5_free_addresses(our_addrs);
-           cleanup();
-           return KRB5KRB_AP_ERR_BADADDR;
         }
-       krb5_free_addresses(our_addrs);
      }
  
      /* verify the checksum */
author	Theodore Tso <tytso@mit.edu>
	Thu, 2 Jun 1994 16:43:33 +0000 (16:43 +0000)
committer	Theodore Tso <tytso@mit.edu>
	Thu, 2 Jun 1994 16:43:33 +0000 (16:43 +0000)
src/lib/krb5/krb/rd_priv.c		patch \| blob \| history
src/lib/krb5/krb/rd_safe.c		patch \| blob \| history