From bc3aa03e3446ac9c0c36dbb3c65c27268dcde837 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Fri, 10 Jun 2011 15:45:13 +0000 Subject: [PATCH] Fix an incorrect shift-and-mask length decoding operation reported by Russ Allbery. ticket: 6907 version_fixed: 1.9.2 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@24958 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/chpw.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/lib/krb5/krb/chpw.c b/src/lib/krb5/krb/chpw.c index 1488f627e..337ba2d3d 100644 --- a/src/lib/krb5/krb/chpw.c +++ b/src/lib/krb5/krb/chpw.c @@ -379,7 +379,7 @@ krb5int_rd_setpw_rep(krb5_context context, krb5_auth_context auth_context, ** validate the message length - ** length is big endian */ - message_length = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff)); + message_length = (((ptr[0]&0xff) << 8) | (ptr[1]&0xff)); ptr += 2; /* ** make sure the message length and packet length agree - @@ -389,7 +389,7 @@ krb5int_rd_setpw_rep(krb5_context context, krb5_auth_context auth_context, /* ** get the version number - */ - version_number = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff)); + version_number = (((ptr[0]&0xff) << 8) | (ptr[1]&0xff)); ptr += 2; /* ** make sure we support the version returned - @@ -405,7 +405,7 @@ krb5int_rd_setpw_rep(krb5_context context, krb5_auth_context auth_context, /* ** get the reply length - */ - ap_rep.length = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff)); + ap_rep.length = (((ptr[0]&0xff) << 8) | (ptr[1]&0xff)); ptr += 2; /* ** validate ap_rep length agrees with the packet length - @@ -468,7 +468,7 @@ krb5int_rd_setpw_rep(krb5_context context, krb5_auth_context auth_context, */ ptr = clearresult.data; - *result_code = (((ptr[0] << 8)&0xff) | (ptr[1]&0xff)); + *result_code = (((ptr[0]&0xff) << 8) | (ptr[1]&0xff)); ptr += 2; /* -- 2.26.2