From 03a4e6eefb90253c426fda8dfc66d908017c16d6 Mon Sep 17 00:00:00 2001 From: Johan Danielsson Date: Fri, 18 Jul 1997 23:18:29 +0000 Subject: [PATCH] Verify nonce in reply. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2446 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/krb5/get_cred.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c index 7c86e9f4e..565c2719a 100644 --- a/lib/krb5/get_cred.c +++ b/lib/krb5/get_cred.c @@ -159,7 +159,7 @@ krb5_get_kdc_cred(krb5_context context, */ ret = krb5_sendto_kdc (context, &enc, &in_creds->server->realm, &resp); - if (ret) + goto out; memset(&rep, 0, sizeof(rep)); @@ -169,6 +169,8 @@ krb5_get_kdc_cred(krb5_context context, NULL, NULL, NULL); + if(ret == 0 && rep.part2.nonce != req.req_body.nonce) + ret = KRB5KRB_AP_ERR_MODIFIED; krb5_free_kdc_rep(context, &rep); }else if(decode_KRB_ERROR(resp.data, resp.length, &error, &len) == 0){ #if 0
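Review bot: In the second hunk the nonce comparison runs only after the preceding call (its name is outside the hunk) has returned 0, so by the time `ret` is set to `KRB5KRB_AP_ERR_MODIFIED` that call may already have stored the ticket and session key in the caller's output credentials. If it does, a reply with the wrong nonce returns an error but leaves key material from an unverified reply in the output structure; the mismatch branch should release and clear whatever was extracted before falling through. A short comment above the check would also help the next reader: `/* the reply must echo the nonce we sent; a mismatch means a replayed or substituted KDC reply */`. krb5_get_kdc_cred starts and ends outside the hunk, so the cleanup at `out` is not visible here and may already cover this.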