From 8b29c7414a24936287f8485ed094270254abbbfa Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Thu, 7 Mar 2002 01:09:33 +0000 Subject: [PATCH] * ser_actx.c (krb5_auth_context_externalize): Do bounds checking on converted size value git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14238 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/ChangeLog | 5 +++++ src/lib/krb5/krb/fwd_tgt.c | 27 ++++++++++++++++++++++++--- src/lib/krb5/krb/ser_actx.c | 2 ++ 3 files changed, 31 insertions(+), 3 deletions(-) diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index bbcb51f5d..fdf6a2e36 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,8 @@ +2002-03-06 Ken Raeburn + + * ser_actx.c (krb5_auth_context_externalize): Do bounds checking + on converted size value. + 2002-02-27 Sam Hartman * rd_cred.c (krb5_rd_cred_basic): Don't check IP addresses; if diff --git a/src/lib/krb5/krb/fwd_tgt.c b/src/lib/krb5/krb/fwd_tgt.c index 9c8a1046b..06a1bcd4d 100644 --- a/src/lib/krb5/krb/fwd_tgt.c +++ b/src/lib/krb5/krb/fwd_tgt.c 
@@ -79,9 +79,30 @@ krb5_fwd_tgt_creds(context, auth_context, rhost, client, server, cc, if (retval) goto errout; if (session_key) { - enctype = session_key->enctype; - krb5_free_keyblock (context, session_key); - session_key = NULL; + enctype = session_key->enctype; + krb5_free_keyblock (context, session_key); + session_key = NULL; + } else if (server) { /* must server be non-NULL when rhost is given? */ + /* Try getting credentials to see what the remote side supports. + Not bulletproof, just a heuristic. */ + krb5_creds in, *out = 0; + memset (&in, 0, sizeof(in)); + + retval = krb5_copy_principal (context, server, &in.server); + if (retval) + goto punt; + retval = krb5_copy_principal (context, client, &in.client); + if (retval) + goto punt; + retval = krb5_get_credentials (context, 0, cc, &in, &out); + if (retval) + goto punt; + /* Got the credentials. Okay, now record the enctype and + throw them away. */ + enctype = out->keyblock.enctype; + krb5_free_creds (context, out); + punt: + krb5_free_cred_contents (context, &in); } retval = krb5_os_hostaddr(context, rhost, &addrs); diff --git a/src/lib/krb5/krb/ser_actx.c b/src/lib/krb5/krb/ser_actx.c index ec82aaa9e..7844a5e70 100644 --- a/src/lib/krb5/krb/ser_actx.c +++ b/src/lib/krb5/krb/ser_actx.c @@ -240,6 +240,8 @@ krb5_auth_context_externalize(kcontext, arg, buffer, lenremain) /* Convert to signed 32 bit integer */ obuf32 = obuf; + if (kret == 0 && obuf != obuf32) + kret = EINVAL; if (!kret) (void) krb5_ser_pack_int32(obuf32, &bp, &remain); -- 2.26.2
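Review bot: In the new `else if (server)` branch the probe stores its result in the function's own `retval`, so a failed `krb5_copy_principal` or `krb5_get_credentials` leaves an error code in it at `punt:`. That is harmless only because the next context line reassigns `retval` from `krb5_os_hostaddr`. A separate local such as `krb5_error_code probe_ret;`, or `retval = 0;` after `krb5_free_cred_contents (context, &in);`, would remove the dependence on statement order. The branch guards `server` but passes `client` to `krb5_copy_principal` unchecked; whether `client` can be NULL is decided outside the hunk and should be confirmed. A comment should also say that the probe may contact the KDC and leave a service ticket in `cc`, and that on failure `enctype` silently keeps the value it had before the hunk.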
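Review bot: The added round-trip test `obuf != obuf32` in the ser_actx.c hunk may not catch every out-of-range size. The declarations are outside the hunk, but if `obuf` is an unsigned type no wider than 32 bits, a value above 0x7fffffff converts to a negative `obuf32` and compares equal again once `obuf32` is converted back for the comparison. Checking the range before the assignment avoids relying on the conversion, e.g. `if (kret == 0 && obuf > 0x7fffffff) kret = EINVAL;`, or at least add `obuf32 < 0 ||` to the condition. krb5_auth_context_externalize starts and ends outside the hunk, so the types of `obuf` and `obuf32` should be confirmed there.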