From 3b0f7fb81a6e6c61f9744de76d902fecdc299661 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Thu, 2 Jun 1994 16:43:33 +0000 Subject: [PATCH] Always check the sender and receiver addresses. If the receiver is null use the local address. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3673 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/rd_priv.c | 48 +++++++++++++++++++++----------------- src/lib/krb5/krb/rd_safe.c | 39 +++++++++++++++++-------------- 2 files changed, 47 insertions(+), 40 deletions(-) diff --git a/src/lib/krb5/krb/rd_priv.c b/src/lib/krb5/krb/rd_priv.c index 1e51f937b..f069d3272 100644 --- a/src/lib/krb5/krb/rd_priv.c +++ b/src/lib/krb5/krb/rd_priv.c @@ -180,17 +180,6 @@ OLDDECLARG(krb5_data *, outbuf) cleanup_mesg(); return KRB5_RC_REQUIRED; } - if (!krb5_address_compare(sender_addr, privmsg_enc_part->s_address)) { - cleanup_data(); - cleanup_mesg(); - return KRB5KRB_AP_ERR_BADADDR; - } - if (recv_addr && privmsg_enc_part->r_address && - !krb5_address_compare(recv_addr, privmsg_enc_part->r_address)) { - cleanup_data(); - cleanup_mesg(); - return KRB5KRB_AP_ERR_BADADDR; - } if (retval = krb5_gen_replay_name(sender_addr, "_priv", &replay.client)) { cleanup_data(); @@ -216,21 +205,36 @@ OLDDECLARG(krb5_data *, outbuf) return KRB5KRB_AP_ERR_BADORDER; } + if (!krb5_address_compare(sender_addr, privmsg_enc_part->s_address)) { + cleanup_data(); + cleanup_mesg(); + return KRB5KRB_AP_ERR_BADADDR; + } + if (privmsg_enc_part->r_address) { - krb5_address **our_addrs; + if (recv_addr) { + if (!krb5_address_compare(recv_addr, + privmsg_enc_part->r_address)) { + cleanup_data(); + cleanup_mesg(); + return KRB5KRB_AP_ERR_BADADDR; + } + } else { + krb5_address **our_addrs; - if (retval = krb5_os_localaddr(&our_addrs)) { - cleanup_data(); - cleanup_mesg(); - return retval; - } - if (!krb5_address_search(privmsg_enc_part->r_address, our_addrs)) { + if (retval = krb5_os_localaddr(&our_addrs)) { + cleanup_data(); + cleanup_mesg(); + return retval; + } + if (!krb5_address_search(privmsg_enc_part->r_address, our_addrs)) { + krb5_free_addresses(our_addrs); + cleanup_data(); + cleanup_mesg(); + return KRB5KRB_AP_ERR_BADADDR; + } krb5_free_addresses(our_addrs); - cleanup_data(); - cleanup_mesg(); - return KRB5KRB_AP_ERR_BADADDR; } - krb5_free_addresses(our_addrs); } /* everything is ok - return data to the user */ diff --git a/src/lib/krb5/krb/rd_safe.c b/src/lib/krb5/krb/rd_safe.c index b884e1660..c59de80d4 100644 --- a/src/lib/krb5/krb/rd_safe.c +++ b/src/lib/krb5/krb/rd_safe.c @@ -105,15 +105,6 @@ krb5_data *outbuf; cleanup(); return KRB5_RC_REQUIRED; } - if (!krb5_address_compare(sender_addr, message->s_address)) { - cleanup(); - return KRB5KRB_AP_ERR_BADADDR; - } - if (recv_addr && message->r_address && - !krb5_address_compare(recv_addr, message->r_address)) { - cleanup(); - return KRB5KRB_AP_ERR_BADADDR; - } if (retval = krb5_gen_replay_name(sender_addr, "_safe", &replay.client)) { cleanup(); @@ -136,19 +127,31 @@ krb5_data *outbuf; return KRB5KRB_AP_ERR_BADORDER; } + if (!krb5_address_compare(sender_addr, message->s_address)) { + cleanup(); + return KRB5KRB_AP_ERR_BADADDR; + } + if (message->r_address) { - krb5_address **our_addrs; + if (recv_addr) { + if (!krb5_address_compare(recv_addr, message->r_address)) { + cleanup(); + return KRB5KRB_AP_ERR_BADADDR; + } + } else { + krb5_address **our_addrs; - if (retval = krb5_os_localaddr(&our_addrs)) { - cleanup(); - return retval; - } - if (!krb5_address_search(message->r_address, our_addrs)) { + if (retval = krb5_os_localaddr(&our_addrs)) { + cleanup(); + return retval; + } + if (!krb5_address_search(message->r_address, our_addrs)) { + krb5_free_addresses(our_addrs); + cleanup(); + return KRB5KRB_AP_ERR_BADADDR; + } krb5_free_addresses(our_addrs); - cleanup(); - return KRB5KRB_AP_ERR_BADADDR; } - krb5_free_addresses(our_addrs); } /* verify the checksum */ -- 2.26.2