projects / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 293442f)
use embedded pointers instead of extra arg
authorJohn Kohl <jtkohl@mit.edu>
Tue, 30 Jan 1990 18:03:44 +0000 (18:03 +0000)
committerJohn Kohl <jtkohl@mit.edu>
Tue, 30 Jan 1990 18:03:44 +0000 (18:03 +0000)
range-check cryptosystem.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@210 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/krb/encrypt_tk.c patch | blob | history

diff --git a/src/lib/krb5/krb/encrypt_tk.c b/src/lib/krb5/krb/encrypt_tk.c
index 194b56ebe591e0a57453c31d561d69b5b33a6b27..faf39371400bd709aaa3804eb1a79e20ccb37610 100644 (file)
--- a/src/lib/krb5/krb/encrypt_tk.c
+++ b/src/lib/krb5/krb/encrypt_tk.c
@@ -19,6 +19,7 @@ static char rcsid_encrypt_tk_c[] =
 
 #include <krb5/krb5.h>
 #include <krb5/asn1.h>
+#include <krb5/krb5_err.h>
 
 #include <errno.h>
 
@@ -26,6 +27,7 @@ static char rcsid_encrypt_tk_c[] =
 
 /* array of pointers into encryption systems */
 extern krb5_cs_table_entry *csarray[];
+extern int max_cryptosystem;           /* max entry in array */
 
 /*
  Takes unencrypted dec_ticket & dec_tkt_part, encrypts with dec_ticket->etype
@@ -38,17 +40,22 @@ extern krb5_cs_table_entry *csarray[];
 */
 
 krb5_error_code
-krb5_encrypt_tkt_part(dec_tkt_part, srv_key, dec_ticket)
-register krb5_enc_tkt_part *dec_tkt_part;
+krb5_encrypt_tkt_part(srv_key, dec_ticket)
 krb5_keyblock *srv_key;
 register krb5_ticket *dec_ticket;
 {
     krb5_data *scratch;
     krb5_error_code retval;
     krb5_encrypt_block eblock;
+    register krb5_enc_tkt_part *dec_tkt_part = dec_ticket->enc_part2;
 
     /* encrypt the encrypted part */
 
+    if (dec_ticket->etype > max_cryptosystem ||
+       dec_ticket->etype < 0 ||
+       !csarray[dec_ticket->etype])
+       return KRB5KDC_ERR_ETYPE_NOSUPP;
+
     /*  start by encoding the to-be-encrypted part. */
     if (retval = encode_krb5_enc_tkt_part(dec_tkt_part, &scratch)) {
        return retval;
MIT implementation of the Kerberos network authentication protocol. This repo may be rebased, so don't base your work on it. Use git://github.com/krb5/krb5 instead.