+2001-10-04 Tom Yu <tlyu@mit.edu>
+
+ * accept_sec_context.c (krb5_gss_accept_sec_context): Ignore
+ unrecognized options properly. [krb5-libs/738]
+
2001-10-03 Ken Raeburn <raeburn@mit.edu>
* copy_ccache.c, get_tkt_flags.c, gssapi_krb5.h, krb5_gss_glue.c,
i = authdat->checksum->length - 24;
- while(i>0) {
+ while (i >= 4) {
TREAD_INT16(ptr, option_id, bigend);
- switch(option_id) {
+ TREAD_INT16(ptr, option.length, bigend);
- case KRB5_GSS_FOR_CREDS_OPTION:
+ i -= 4;
+
+ /* have to use ptr2, since option.data is wrong type and
+ macro uses ptr as both lvalue and rvalue */
+
+ if (i < option.length || option.length < 0) {
+ code = KG_BAD_LENGTH;
+ major_status = GSS_S_FAILURE;
+ goto fail;
+ }
- TREAD_INT16(ptr, option.length, bigend);
+ TREAD_STR(ptr, ptr2, bigend);
+ option.data = (char FAR *) ptr2;
- /* have to use ptr2, since option.data is wrong type and
- macro uses ptr as both lvalue and rvalue */
+ i -= option.length;
- TREAD_STR(ptr, ptr2, bigend);
- option.data = (char FAR *) ptr2;
+ switch(option_id) {
+
+ case KRB5_GSS_FOR_CREDS_OPTION:
/* store the delegated credential */
goto fail;
}
- i -= option.length + 4;
-
gss_flags |= GSS_C_DELEG_FLAG; /* got a delegation */
break;
projects / krb5.git / commitdiff