oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: Check authdata in ticket rather than in request body

Browse Source 
This matches Windows behaviour and the RFC6113 specification.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This commit is contained in:
Joseph Sutton
2021-11-16 20:01:16 +13:00
committed by Luke Howard
parent 313caed18a
commit 0ea840ebfc
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
kdc/krb5tgs.c
View File

@@ -1199,12 +1199,12 @@ next_kvno:
ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */ ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */
goto out; goto out;
} }
ret = validate_fast_ad(r, *auth_data);
if (ret)
goto out;
} }
ret = validate_fast_ad(r, (*ticket)->ticket.authorization_data);
if (ret)
goto out;
/* /*
* Check for FAST request * Check for FAST request