From 9197e316ed76a410df534437a07f48464544fa7c Mon Sep 17 00:00:00 2001 From: Ken Raeburn Date: Mon, 23 Feb 2004 21:25:17 +0000 Subject: [PATCH] * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix calculation for confidential CFX tokens. ticket: 2266 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16107 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/krb5/ChangeLog | 5 +++++ src/lib/gssapi/krb5/wrap_size_limit.c | 20 ++++++++++++++------ 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 7a02d16fc..61dff02ff 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,8 @@ +2004-02-23 Ken Raeburn + + * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix calculation + for confidential CFX tokens. + 2004-02-09 Ken Raeburn * ser_sctx.c (kg_oid_externalize): Check for errors. diff --git a/src/lib/gssapi/krb5/wrap_size_limit.c b/src/lib/gssapi/krb5/wrap_size_limit.c index 59bf30e4c..b91c7f759 100644 --- a/src/lib/gssapi/krb5/wrap_size_limit.c +++ b/src/lib/gssapi/krb5/wrap_size_limit.c @@ -118,19 +118,27 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag, if (conf_req_flag) { while (sz > 0 && krb5_encrypt_size(sz, ctx->enc->enctype) + 16 > req_output_size) sz--; + /* Allow for encrypted copy of header. */ + if (sz > 16) + sz -= 16; + else + sz = 0; +#ifdef CFX_EXERCISE + /* Allow for EC padding. In the MIT implementation, only + added while testing. */ + if (sz > 65535) + sz -= 65535; + else + sz = 0; +#endif } else { + /* Allow for token header and checksum. */ if (sz < 16 + ctx->cksum_size) sz = 0; else sz -= (16 + ctx->cksum_size); } - /* While testing only! */ - if (sz < 65536) - sz = 0; - else - sz -= 65535; - *max_input_size = sz; *minor_status = 0; return GSS_S_COMPLETE; -- 2.26.2