* g_ad_tkt.c: Fix error packet parsing

	* g_in_tkt.c: Fix error packet parsing.  Also, declare some
	internal functions as static and add prototypes.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12914 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog
index 1a4e2472dcacdbaa8238a9a1a6e51fca5660eed1..5fabd2b96c5c6af794ef94b9ff4e7dee980b87f5 100644 (file)
--- a/src/lib/krb4/ChangeLog
+++ b/src/lib/krb4/ChangeLog
@@ -1,3 +1,10 @@
+2001-01-18  Tom Yu  <tlyu@mit.edu>
+
+       * g_ad_tkt.c: Fix error packet parsing.
+
+       * g_in_tkt.c: Fix error packet parsing.  Also, declare some
+       internal functions as static and add prototypes.
+
 2000-11-09  Danilo Almeida  <dalmeida@mit.edu>
 
        * strnlen.c (krb_strnlen): Put The return type before the calling

diff --git a/src/lib/krb4/g_ad_tkt.c b/src/lib/krb4/g_ad_tkt.c
index 092be7a225002e47b1839ae350837af489f7126e..a1e3b36f0e2dc1778561df401983d5e6b8fda0e3 100644 (file)
--- a/src/lib/krb4/g_ad_tkt.c
+++ b/src/lib/krb4/g_ad_tkt.c
@@ -1,8 +1,8 @@
 /*
  * lib/krb4/g_ad_tkt.c
  *
- * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of
- * Technology.  All Rights Reserved.
+ * Copyright 1986, 1987, 1988, 2000, 2001 by the Massachusetts
+ * Institute of Technology.  All Rights Reserved.
  *
  * Export of this software from the United States of America may
  *   require a specific license from the United States Government.
@@ -110,8 +110,22 @@ g_ad_tkt_parse(KTEXT rpkt, C_Block tgtses, C_Block ses,
     /* Check byte order (little-endian == 1) */
     msg_byte_order = t_switch & 1;
     t_switch &= ~1;
+    /*
+     * Skip over some stuff (3 strings and various integers -- see
+     * cr_auth_repl.c for details).  Maybe we should actually verify
+     * these?
+     */
+    for (i = 0; i < 3; i++) {
+       len = krb_strnlen((char *)ptr, RPKT_REMAIN) + 1;
+       if (len <= 0)
+           return INTK_PROT;
+       ptr += len;
+    }
     switch (t_switch) {
     case AUTH_MSG_KDC_REPLY:
+       if (RPKT_REMAIN < 4 + 1 + 4 + 1)
+           return INTK_PROT;
+       ptr += 4 + 1 + 4 + 1;
        break;
     case AUTH_MSG_ERR_REPLY:
        if (RPKT_REMAIN < 4)
@@ -122,20 +136,6 @@ g_ad_tkt_parse(KTEXT rpkt, C_Block tgtses, C_Block ses,
     default:
        return INTK_PROT;
     }
-    /*
-     * Skip over some stuff (3 strings and various integers -- see
-     * cr_auth_repl.c for details).  Maybe we should actually verify
-     * these?
-     */
-    for (i = 0; i < 3; i++) {
-       len = krb_strnlen((char *)ptr, RPKT_REMAIN) + 1;
-       if (len <= 0)
-           return INTK_PROT;
-       ptr += len;
-    }
-    if (RPKT_REMAIN < 4 + 1 + 4 + 1)
-       return INTK_PROT;
-    ptr += 4 + 1 + 4 + 1;
 
     /* Extract the ciphertext */
     if (RPKT_REMAIN < 2)

diff --git a/src/lib/krb4/g_in_tkt.c b/src/lib/krb4/g_in_tkt.c
index b7ab0dfc433e5efe20f9c985cedb75dcb33e54e8..872d3fe2bd45a955bd9ea0610de3f000af93a464 100644 (file)
--- a/src/lib/krb4/g_in_tkt.c
+++ b/src/lib/krb4/g_in_tkt.c
@@ -1,8 +1,8 @@
 /*
  * lib/krb4/g_in_tkt.c
  *
- * Copyright 1986, 1987, 1988, 2000 by the Massachusetts Institute of
- * Technology.  All Rights Reserved.
+ * Copyright 1986, 1987, 1988, 2000, 2001 by the Massachusetts
+ * Institute of Technology.  All Rights Reserved.
  *
  * Export of this software from the United States of America may
  *   require a specific license from the United States Government.
@@ -44,6 +44,14 @@ typedef int (*decrypt_tkt_type) PROTOTYPE ((char *, char *, char *, char *,
                                     key_proc_type, KTEXT *));
 #endif
 
+static int
+krb_mk_in_tkt_preauth(char *, char *, char *, char *, char *,
+                     int, char *, int, KTEXT, int *);
+
+static int
+krb_parse_in_tkt(char *, char *, char *, char *, char *,
+                int, KTEXT, int);
+
 /*
  * decrypt_tkt(): Given user, instance, realm, passwd, key_proc
  * and the cipher text sent from the KDC, decrypt the cipher text
@@ -125,7 +133,7 @@ decrypt_tkt(user, instance, realm, arg, key_proc, cipp)
  * string              sinstance               service's instance
  */
 
-int
+static int
 krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life,
                      preauth_p, preauth_len, cip, byteorder)
     char *user;
@@ -225,17 +233,6 @@ krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life,
     /* Check byte order */
     msg_byte_order = t_switch & 1;
     t_switch &= ~1;
-    switch (t_switch) {
-    case AUTH_MSG_KDC_REPLY:
-        break;
-    case AUTH_MSG_ERR_REPLY:
-       if (RPKT_REMAIN < 4)
-           return INTK_PROT;
-       KRB4_GET32(rep_err_code, p, msg_byte_order);
-       return rep_err_code;
-    default:
-        return INTK_PROT;
-    }
 
     /* EXTRACT INFORMATION FROM RETURN PACKET */
 
@@ -249,9 +246,20 @@ krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life,
            return INTK_PROT;
        p += len;
     }
-    if (RPKT_REMAIN < 4 + 1 + 4 + 1)
-       return INTK_PROT;
-    p += 4 + 1 + 4 + 1;
+    switch (t_switch) {
+    case AUTH_MSG_KDC_REPLY:
+       if (RPKT_REMAIN < 4 + 1 + 4 + 1)
+           return INTK_PROT;
+       p += 4 + 1 + 4 + 1;
+        break;
+    case AUTH_MSG_ERR_REPLY:
+       if (RPKT_REMAIN < 4)
+           return INTK_PROT;
+       KRB4_GET32(rep_err_code, p, msg_byte_order);
+       return rep_err_code;
+    default:
+        return INTK_PROT;
+    }
 
     /* Extract the ciphertext */
     if (RPKT_REMAIN < 2)
@@ -271,7 +279,7 @@ krb_mk_in_tkt_preauth(user, instance, realm, service, sinstance, life,
     return INTK_OK;
 }
 
-int
+static int
 krb_parse_in_tkt(user, instance, realm, service, sinstance, life, cip,
                 byteorder)
     char *user;