From: John Kohl Date: Thu, 3 Jan 1991 17:37:29 +0000 (+0000) Subject: make sure ap_req checksum is collision proof, X-Git-Tag: krb5-1.0-alpha4~359 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=f7997b606f624c2152a710ce45104aabdb4250f2;p=krb5.git make sure ap_req checksum is collision proof, and do better error message returns. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1612 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index fc4b11709..8fa33bc6b 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -150,7 +150,10 @@ krb5_ticket **ticket; if (retval = decode_krb5_ap_req(&scratch2, &apreq)) return retval; -#define cleanup_apreq() {krb5_free_ap_req(apreq); *ticket = 0;} + *ticket = apreq->ticket; + + /* the caller will free the ticket when cleaning up */ +#define cleanup_apreq() {apreq->ticket = 0; krb5_free_ap_req(apreq);} #ifdef notdef /* XXX why copy here? */ @@ -225,6 +228,13 @@ krb5_ticket **ticket; cleanup_apreq(); return KRB5KDC_ERR_SUMTYPE_NOSUPP; } + /* must be collision proof */ + if (!is_coll_proof_cksum(our_cksum.checksum_type)) { + krb5_free_authenticator(authdat.authenticator); + krb5_free_ticket(authdat.ticket); + cleanup_apreq(); + return KRB5KRB_AP_ERR_INAPP_CKSUM; + } /* check application checksum vs. tgs request */ if (!(our_cksum.contents = (krb5_octet *) @@ -275,9 +285,7 @@ krb5_ticket **ticket; /* ticket already filled in by rd_req_dec, so free the ticket */ krb5_free_ticket(authdat.ticket); - *ticket = apreq->ticket; - apreq->ticket = 0; - krb5_free_ap_req(apreq); + cleanup_apreq(); return 0; }