From 244db0dc5ebfe7be1c5e9eca974a4cc27265efe9 Mon Sep 17 00:00:00 2001 From: John Kohl Date: Wed, 9 May 1990 17:07:32 +0000 Subject: [PATCH] changes for new encryption & checksum interface add in checksum-checking code git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@813 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kdc/kdc_util.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/src/kdc/kdc_util.c b/src/kdc/kdc_util.c index a87c421f2..9a660c99f 100644 --- a/src/kdc/kdc_util.c +++ b/src/kdc/kdc_util.c @@ -121,7 +121,8 @@ const krb5_fulladdr *from; if (retval = (*eblock.crypto_entry->decrypt_func)((krb5_pointer) tgs_req->tgs_request2->enc_part.data, (krb5_pointer) scratch.data, - scratch.length, &eblock)) { + scratch.length, &eblock, + 0)) { (void) (*eblock.crypto_entry->finish_key)(&eblock); free(scratch.data); return retval; @@ -260,17 +261,33 @@ const krb5_fulladdr *from; } /* check application checksum vs. tgs request */ #ifdef notdef + if (!(our_cksum.contents = (krb5_octet *) + malloc(krb5_cksumarray[our_cksum.checksum_type]->checksum_length))) { + krb5_free_authenticator(authdat.authenticator); + krb5_free_ticket(authdat.ticket); + return ENOMEM; /* XXX cktype nosupp */ + } if (retval = (*krb5_cksumarray[our_cksum.checksum_type]-> sum_func)(in, /* where to? */ - NULL, /* don't produce output */ - authdat.ticket->enc_part2->session->contents, /* seed */ in_length, /* input length */ + authdat.ticket->enc_part2->session->contents, /* seed */ authdat.ticket->enc_part2->session->length, /* seed length */ &our_cksum)) { krb5_free_authenticator(authdat.authenticator); krb5_free_ticket(authdat.ticket); + xfree(our_cksum.contents); + return retval; + } + if (our_cksum.length != authdat.authenticator->checksum->length || + bcmp((char *)our_cksum.contents, + (char *)authdat.authenticator->checksum->contents, + our_cksum.length)) { + krb5_free_authenticator(authdat.authenticator); + krb5_free_ticket(authdat.ticket); + xfree(our_cksum.contents); return KRB5KRB_AP_ERR_BAD_INTEGRITY; /* XXX wrong code? */ } + xfree(our_cksum.contents); #endif /* don't need authenticator anymore */ krb5_free_authenticator(authdat.authenticator); -- 2.26.2