always check for error token in case of a failure

2010-11-08 13:40:01 -08:00
parent 526aeef0c7
commit 2e31740f62
1 changed files with 13 additions and 14 deletions
--- a/lib/gssapi/krb5/init_sec_context.c
+++ b/lib/gssapi/krb5/init_sec_context.c
@@ -768,22 +768,21 @@ repl_mutual
 	/* There is no OID wrapping. */
 	indata.length	= input_token->length;
 	indata.data	= input_token->value;
-	kret = krb5_rd_rep (context,
-			    ctx->auth_context,
-			    &indata,
-			    &repl);
-	if (kret >= ASN1_BAD_TIMEFORMAT && kret <= ASN1_INDEF_EXTRA_DATA) {
-	    ret = _gsskrb5_decapsulate (minor_status,
-					input_token,
-					&indata,
-					"\x03\x00",
-					GSS_KRB5_MECHANISM);
+	kret = krb5_rd_rep(context,
+			   ctx->auth_context,
+			   &indata,
+			   &repl);
+	if (kret) {
+	    ret = _gsskrb5_decapsulate(minor_status,
+				       input_token,
+				       &indata,
+				       "\x03\x00",
+				       GSS_KRB5_MECHANISM);
 	    if (ret == GSS_S_COMPLETE) {
-		    *minor_status = handle_error_packet(context, ctx, indata);
-		    return GSS_S_FAILURE;
+		*minor_status = handle_error_packet(context, ctx, indata);
+	    } else {
+		*minor_status = kret;
 	    }
-	} else if (kret) {
-	    *minor_status = kret;
 	    return GSS_S_FAILURE;
 	}
    } else {