From: Greg Hudson
Date: Sat, 31 Mar 2012 00:38:20 +0000 (+0000)
Subject: Fix data handling in rd_req_decoded_opt
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=c49954a13ec5ebfecc20b25f68649983522adb03;p=krb5.git
Fix data handling in rd_req_decoded_opt
We shouldn't peer at trans->tr_contents.data[0] if trans->tr_contents.length is 0, even if the data field is non-null. Harmless as long as the ASN.1 decoder uses null data fields for empty krb5_data values, but still wrong.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25797 dc483132-0cff-0310-8789-dd5450dbe970
---
diff --git a/src/lib/krb5/krb/rd_req_dec.c b/src/lib/krb5/krb/rd_req_dec.c
index 261ac4619..fd3f9f780 100644
--- a/src/lib/krb5/krb/rd_req_dec.c
+++ b/src/lib/krb5/krb/rd_req_dec.c
@@ -330,7 +330,7 @@ rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
 krb5_transited *trans = &(req->ticket->enc_part2->transited);
 /* If the transited list is empty, then we have at most one hop */
- if (trans->tr_contents.data && trans->tr_contents.data[0])
+ if (trans->tr_contents.length > 0 && trans->tr_contents.data[0])
 retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
 }
@@ -351,7 +351,7 @@ rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
 * So we also have to check that the client's realm is the local one */
 krb5_get_default_realm(context, &lrealm);
- if ((trans->tr_contents.data && trans->tr_contents.data[0]) ||
+ if ((trans->tr_contents.length > 0 && trans->tr_contents.data[0]) ||
 !data_eq_string(*realm, lrealm)) {
 retval = KRB5KRB_AP_ERR_ILL_CR_TKT;
 }
@@ -374,7 +374,7 @@ rd_req_decoded_opt(krb5_context context, krb5_auth_context *auth_context,
 * transited are within the hierarchy between the client's realm
 * and the local realm. */
- if (trans->tr_contents.data && trans->tr_contents.data[0]) {
+ if (trans->tr_contents.length > 0 && trans->tr_contents.data[0]) {
 retval = krb5_check_transited_list(context, &(trans->tr_contents), realm, krb5_princ_realm (context,server));
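Review bot: The new test `if (trans->tr_contents.length > 0 && trans->tr_contents.data[0])` still treats any value whose first byte is NUL as an empty transited list, whatever its length, and the hunks at -351 and -374 repeat the same condition. In the -374 hunk this means such a value never reaches `krb5_check_transited_list`, so the check fails open. If a leading NUL is a deliberate allowance, record it next to the test, for example `/* A first byte of NUL is also treated as an empty transited list. */`; otherwise testing `trans->tr_contents.length > 0` alone would fail closed. Because the predicate is written three times, a small static helper taking the `krb5_transited *` would keep the copies from drifting apart. The enclosing block starts and ends outside this hunk.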
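Review bot: The return value of `krb5_get_default_realm(context, &lrealm);` is discarded on the line just above the changed condition, yet `lrealm` is then passed to `data_eq_string(*realm, lrealm)`. If the lookup fails, the comparison may read a pointer that was never set; the declaration of `lrealm` is outside the hunk, so this is inferred rather than visible. Capturing the result with `retval = krb5_get_default_realm(context, &lrealm);` and running the realm comparison only when `retval == 0` would make the failure path explicit. The block continues past the end of the hunk, so any later use or release of `lrealm` needs the same guard.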