From 2f2de1961ba742abd850a6ee318bc814566b6ff3 Mon Sep 17 00:00:00 2001 From: John Kohl Date: Fri, 19 Apr 1991 13:19:22 +0000 Subject: [PATCH] compare network addreses git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1998 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/rd_priv.c | 6 +++++- src/lib/krb5/krb/rd_safe.c | 6 ++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c index 0f9781090..5a7e08a22 100644 --- a/src/lib/krb5/krb/rd_priv.c +++ b/src/lib/krb5/krb/rd_priv.c @@ -166,6 +166,11 @@ OLDDECLARG(krb5_data *, outbuf) cleanup_mesg(); return KRB5_RC_REQUIRED; } + if (!krb5_address_compare(sender_addr, privmsg_enc_part->s_address)) { + cleanup_data(); + cleanup_mesg(); + return KRB5KRB_AP_ERR_BADADDR; + } if (retval = krb5_gen_replay_name(sender_addr, "_priv", &replay.client)) { cleanup_data(); @@ -207,7 +212,6 @@ OLDDECLARG(krb5_data *, outbuf) } krb5_free_address(our_addrs); } - /* XXX check sender's address */ /* everything is ok - return data to the user */ diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c index f27e71ea4..5588010bc 100644 --- a/src/lib/krb5/krb/rd_safe.c +++ b/src/lib/krb5/krb/rd_safe.c @@ -87,6 +87,10 @@ krb5_data *outbuf; cleanup(); return KRB5_RC_REQUIRED; } + if (!krb5_address_compare(sender_addr, message->s_address)) { + cleanup(); + return KRB5KRB_AP_ERR_BADADDR; + } if (retval = krb5_gen_replay_name(sender_addr, "_safe", &replay.client)) { cleanup(); @@ -124,8 +128,6 @@ krb5_data *outbuf; krb5_free_address(our_addrs); } - /* XXX check sender's address */ - /* verify the checksum */ /* to do the checksum stuff, we need to re-encode the message with a zero-length zero-type checksum, then checksum the encoding, and verify. -- 2.26.2