bug-compatible with MIT

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@2255 ec53bebd-3082-4978-b11e-865c3cabbd6b
1997-07-13 07:27:07 +00:00
parent 9a3939461e
commit 38250db965
2 changed files with 49 additions and 15 deletions
--- a/lib/krb5/mk_safe.c
+++ b/lib/krb5/mk_safe.c
@@ -17,16 +17,9 @@ krb5_mk_safe(krb5_context context,
  size_t len;
  unsigned tmp_seq;

-  r = krb5_create_checksum (context,
-			    auth_context->cksumtype,
-			    userdata->data,
-			    userdata->length,
-			    &s.cksum);
-  if (r)
-    return r;
-
  s.pvno = 5;
  s.msg_type = krb_safe;
+
  s.safe_body.user_data = *userdata;
  gettimeofday (&tv, NULL);
  usec = tv.tv_usec;
@@ -41,9 +34,31 @@ krb5_mk_safe(krb5_context context,
  s.safe_body.s_address = auth_context->local_address;
  s.safe_body.r_address = auth_context->remote_address;

+  s.cksum.cksumtype       = 0;
+  s.cksum.checksum.data   = NULL;
+  s.cksum.checksum.length = 0;
+
+  r = encode_KRB_SAFE (buf + sizeof(buf) - 1,
+		       sizeof(buf),
+		       &s,
+		       &len);
+
+  if (r)
+    return r;
+
+  r = krb5_create_checksum (context,
+			    auth_context->cksumtype,
+			    buf + sizeof(buf) - len,
+			    len,
+			    &auth_context->key,
+			    &s.cksum);
+  if (r)
+    return r;
+
  r = encode_KRB_SAFE (buf + sizeof(buf) - 1, sizeof(buf), &s, &len);
  if (r)
    return r;
+
  outbuf->length = len;
  outbuf->data   = malloc (len);
  if (outbuf->data == NULL)
--- a/lib/krb5/rd_safe.c
+++ b/lib/krb5/rd_safe.c
@@ -25,7 +25,7 @@ krb5_rd_safe(krb5_context context,
      goto failure;
  }
  /* XXX - checksum collision-proff and keyed */
-  if (safe.cksum.cksumtype != CKSUMTYPE_RSA_MD4) {
+  if (safe.cksum.cksumtype != CKSUMTYPE_RSA_MD5_DES) {
      r = KRB5KRB_AP_ERR_INAPP_CKSUM;
      goto failure;
  }
@@ -74,12 +74,31 @@ krb5_rd_safe(krb5_context context,
      }
  }

+  {
+      u_char buf[1024];
+      size_t len;
+      Checksum c;
+
+      copy_Checksum (&safe.cksum, &c);
+      
+      safe.cksum.cksumtype       = 0;
+      safe.cksum.checksum.data   = NULL;
+      safe.cksum.checksum.length = 0;
+
+      encode_KRB_SAFE (buf + sizeof(buf) - 1,
+		       sizeof(buf),
+		       &safe,
+		       &len);
+
      r = krb5_verify_checksum (context,
-			    safe.safe_body.user_data.data,
-			    safe.safe_body.user_data.length,
-			    &safe.cksum);
+				buf + sizeof(buf) - len,
+				len,
+				&auth_context->key,
+				&c);
+      free_Checksum (&c);
      if (r)
 	  goto failure;
+  }
  outbuf->length = safe.safe_body.user_data.length;
  outbuf->data   = malloc(outbuf->length);
  if (outbuf->data == NULL) {