From 405d2be7c46c0a0621ecb10470f704c96fda3711 Mon Sep 17 00:00:00 2001 From: Johan Danielsson Date: Tue, 1 Jul 1997 23:54:55 +0000 Subject: [PATCH] Update to use new decode/encode syntax. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1952 ec53bebd-3082-4978-b11e-865c3cabbd6b --- kdc/connect.c | 19 +++---- kdc/kerberos5.c | 69 +++++++++++++----------- lib/krb5/build_ap_req.c | 5 +- lib/krb5/build_auth.c | 2 +- lib/krb5/get_cred.c | 75 +++++++++++++------------- lib/krb5/get_in_tkt.c | 116 +++++++++++++++++++++------------------- lib/krb5/mk_error.c | 2 +- lib/krb5/mk_priv.c | 12 ++--- lib/krb5/mk_rep.c | 6 +-- lib/krb5/mk_safe.c | 6 +-- lib/krb5/rd_priv.c | 24 ++++----- lib/krb5/rd_rep.c | 17 +++--- lib/krb5/rd_req.c | 20 +++---- lib/krb5/rd_safe.c | 8 +-- 14 files changed, 195 insertions(+), 186 deletions(-) diff --git a/kdc/connect.c b/kdc/connect.c index 40af5a027..b031cf78b 100644 --- a/kdc/connect.c +++ b/kdc/connect.c @@ -59,20 +59,15 @@ process_request(krb5_context context, { KDC_REQ req; krb5_error_code err; - int i; + size_t i; gettimeofday(&now, NULL); - if (maybe_AS_REQ(buf, len)){ - i = decode_AS_REQ(buf, len, &req); - if(i >= 0){ - err = as_rep(context, &req, reply); - free_AS_REQ(&req); - return err; - } - } - if (maybe_TGS_REQ(buf, len)){ - i = decode_TGS_REQ(buf, len, &req); - if(i >= 0){ + if(decode_AS_REQ(buf, len, &req, &i) == 0){ + err = as_rep(context, &req, reply); + free_AS_REQ(&req); + return err; + }else{ + if(decode_TGS_REQ(buf, len, &req, &i) == 0){ err = tgs_rep(context, &req, reply); free_TGS_REQ(&req); return err; diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c index f3f04a1c2..6304b8b2a 100644 --- a/kdc/kerberos5.c +++ b/kdc/kerberos5.c @@ -21,6 +21,7 @@ as_rep(krb5_context context, EncTicketPart *et = calloc(1, sizeof(*et)); EncKDCRepPart *ek = calloc(1, sizeof(*ek)); krb5_principal client_princ; + int e; client = db_fetch(context, b->cname, b->realm); server = db_fetch(context, b->sname, b->realm); @@ -48,9 +49,10 @@ as_rep(krb5_context context, foo.padata_value.length = 0; foo.padata_value.data = NULL; - len = encode_PA_DATA(buf + sizeof(buf) - 1, - sizeof(buf), - &foo); + encode_PA_DATA(buf + sizeof(buf) - 1, + sizeof(buf), + &foo, + &len); foo_data.length = len; foo_data.data = buf + sizeof(buf) - len; @@ -64,13 +66,14 @@ as_rep(krb5_context context, } else { krb5_data ts_data; PA_ENC_TS_ENC p; - int len; + size_t len; EncryptedData enc_data; - len = decode_EncryptedData(req->padata->val->padata_value.data, - req->padata->val->padata_value.length, - &enc_data); - if (len < 0) { + e = decode_EncryptedData(req->padata->val->padata_value.data, + req->padata->val->padata_value.length, + &enc_data, + &len); + if (e) { krb5_mk_error (client_princ, KRB5KRB_AP_ERR_BAD_INTEGRITY, "Couldn't decode", @@ -84,10 +87,11 @@ as_rep(krb5_context context, enc_data.cipher.length, &client->keyblock, &ts_data); - len = decode_PA_ENC_TS_ENC(ts_data.data, - ts_data.length, - &p); - if (len < 0) { + e = decode_PA_ENC_TS_ENC(ts_data.data, + ts_data.length, + &p, + &len); + if (e) { krb5_mk_error (client_princ, KRB5KRB_AP_ERR_BAD_INTEGRITY, "Couldn't decode", @@ -206,31 +210,31 @@ as_rep(krb5_context context, { unsigned char buf[1024]; /* XXX The data could be indefinite */ int len; - len = encode_EncTicketPart(buf + sizeof(buf) - 1, sizeof(buf), et); + e = encode_EncTicketPart(buf + sizeof(buf) - 1, sizeof(buf), et, &len); free_EncTicketPart(et); free(et); - if(len < 0) - return ASN1_OVERFLOW; + if(e) + return e; rep.ticket.enc_part.etype = ETYPE_DES_CBC_CRC; rep.ticket.enc_part.kvno = NULL; krb5_encrypt(context, buf + sizeof(buf) - len, len, &server->keyblock, &rep.ticket.enc_part.cipher); - len = encode_EncASRepPart(buf + sizeof(buf) - 1, sizeof(buf), ek); + e = encode_EncASRepPart(buf + sizeof(buf) - 1, sizeof(buf), ek, &len); free_EncKDCRepPart(ek); free(ek); - if(len < 0) - return ASN1_OVERFLOW; + if(e) + return e; rep.enc_part.etype = ETYPE_DES_CBC_CRC; rep.enc_part.kvno = NULL; krb5_encrypt(context, buf + sizeof(buf) - len, len, &client->keyblock, &rep.enc_part.cipher); - len = encode_AS_REP(buf + sizeof(buf) - 1, sizeof(buf), &rep); - if(len < 0) - return ASN1_OVERFLOW; + e = encode_AS_REP(buf + sizeof(buf) - 1, sizeof(buf), &rep, &len); + if(e) + return e; free_AS_REP(&rep); krb5_data_copy(data, buf + sizeof(buf) - len, len); @@ -453,18 +457,21 @@ tgs_rep(krb5_context context, { unsigned char buf[1024]; /* XXX The data could be indefinite */ - int len; - len = encode_EncTicketPart(buf + sizeof(buf) - 1, sizeof(buf), et); - if(len < 0) - return ASN1_OVERFLOW; + size_t len; + int e; + e = encode_EncTicketPart(buf + sizeof(buf) - 1, + sizeof(buf), et, &len); + if(e) + return e; rep.ticket.enc_part.etype = ETYPE_DES_CBC_CRC; rep.ticket.enc_part.kvno = NULL; krb5_encrypt(context, buf + sizeof(buf) - len, len, &server->keyblock, &rep.ticket.enc_part.cipher); - len = encode_EncTGSRepPart(buf + sizeof(buf) - 1, sizeof(buf), ek); - if(len < 0) - return ASN1_OVERFLOW; + e = encode_EncTGSRepPart(buf + sizeof(buf) - 1, + sizeof(buf), ek, &len); + if(e) + return e; rep.enc_part.etype = ETYPE_DES_CBC_CRC; rep.enc_part.kvno = NULL; { @@ -475,9 +482,9 @@ tgs_rep(krb5_context context, &rep.enc_part.cipher); } - len = encode_TGS_REP(buf + sizeof(buf) - 1, sizeof(buf), &rep); - if(len < 0) - return ASN1_OVERFLOW; + e = encode_TGS_REP(buf + sizeof(buf) - 1, sizeof(buf), &rep, &len); + if(e) + return e; free_TGS_REP(&rep); krb5_data_copy(data, buf + sizeof(buf) - len, len); } diff --git a/lib/krb5/build_ap_req.c b/lib/krb5/build_ap_req.c index a290829ab..e3b88c1ab 100644 --- a/lib/krb5/build_ap_req.c +++ b/lib/krb5/build_ap_req.c @@ -11,6 +11,7 @@ krb5_build_ap_req (krb5_context context, { AP_REQ ap; Ticket t; + size_t len; ap.pvno = 5; ap.msg_type = krb_ap_req; @@ -30,7 +31,7 @@ krb5_build_ap_req (krb5_context context, krb5_principal2principalname(&ap.ticket.sname, cred->server); #endif - decode_Ticket(cred->ticket.data, cred->ticket.length, &t); + decode_Ticket(cred->ticket.data, cred->ticket.length, &t, &len); copy_EncryptedData(&t.enc_part, &ap.ticket.enc_part); free_Ticket(&t); @@ -40,7 +41,7 @@ krb5_build_ap_req (krb5_context context, ret->length = length_AP_REQ(&ap); ret->data = malloc(ret->length); - encode_AP_REQ((char *)ret->data + ret->length - 1, ret->length, &ap); + encode_AP_REQ((char *)ret->data + ret->length - 1, ret->length, &ap, &len); free_AP_REQ(&ap); return 0; diff --git a/lib/krb5/build_auth.c b/lib/krb5/build_auth.c index 67a48f12d..ba2df77b5 100644 --- a/lib/krb5/build_auth.c +++ b/lib/krb5/build_auth.c @@ -51,7 +51,7 @@ krb5_build_authenticator (krb5_context context, } memset (buf, 0, sizeof(buf)); - len = encode_Authenticator (buf + sizeof(buf) - 1, sizeof(buf), auth); + ret = encode_Authenticator (buf + sizeof(buf) - 1, sizeof(buf), auth, &len); ret = krb5_encrypt (context, buf + sizeof(buf) - len, len, &cred->session, result); diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c index 7a7c5cfdc..379bc721a 100644 --- a/lib/krb5/get_cred.c +++ b/lib/krb5/get_cred.c @@ -27,7 +27,7 @@ krb5_get_credentials (krb5_context context, krb5_creds *in_creds, krb5_creds **out_creds) { - krb5_error_code err; + krb5_error_code ret; TGS_REQ a; Authenticator auth; krb5_data authenticator; @@ -50,12 +50,12 @@ krb5_get_credentials (krb5_context context, *out_creds = malloc(sizeof(**out_creds)); memset(*out_creds, 0, sizeof(**out_creds)); - err = krb5_cc_retrieve_cred(context, ccache, 0, in_creds, *out_creds); - if (err == 0) - return err; - else if (err != KRB5_CC_END) { + ret = krb5_cc_retrieve_cred(context, ccache, 0, in_creds, *out_creds); + if (ret == 0) + return ret; + else if (ret != KRB5_CC_END) { free(*out_creds); - return err; + return ret; } /* @@ -64,18 +64,18 @@ krb5_get_credentials (krb5_context context, memset(&a, 0, sizeof(a)); - err = krb5_get_default_in_tkt_etypes (context, + ret = krb5_get_default_in_tkt_etypes (context, (krb5_enctype**)&a.req_body.etype.val); - if (err) - return err; + if (ret) + return ret; a.req_body.etype.len = 1; a.req_body.addresses = malloc(sizeof(*a.req_body.addresses)); - err = krb5_get_all_client_addrs ((krb5_addresses*)a.req_body.addresses); - if (err) - return err; + ret = krb5_get_all_client_addrs ((krb5_addresses*)a.req_body.addresses); + if (ret) + return ret; a.pvno = 5; a.msg_type = krb_tgs_req; @@ -111,38 +111,38 @@ krb5_get_credentials (krb5_context context, int len; krb5_creds tmp_cred; - len = encode_KDC_REQ_BODY(buf + sizeof(buf) - 1, sizeof(buf), - &a.req_body); + ret = encode_KDC_REQ_BODY(buf + sizeof(buf) - 1, sizeof(buf), + &a.req_body, &len); in_data.length = len; in_data.data = buf + sizeof(buf) - len; tmp_cred.client = NULL; - err = krb5_build_principal(context, + ret = krb5_build_principal(context, &tmp_cred.server, strlen(a.req_body.realm), a.req_body.realm, "krbtgt", a.req_body.realm, NULL); - if (err) - return err; + if (ret) + return ret; - err = krb5_get_credentials (context, + ret = krb5_get_credentials (context, 0, ccache, &tmp_cred, out_creds); - if (err) - return err; + if (ret) + return ret; - err = krb5_mk_req_extended(context, + ret = krb5_mk_req_extended(context, &ac, 0, &in_data, *out_creds, &foo.padata_value); - if(err) - return err; + if(ret) + return ret; foo.padata_type = pa_tgs_req; } @@ -155,8 +155,8 @@ krb5_get_credentials (krb5_context context, * Encode */ - req.length = encode_TGS_REQ (buf + sizeof (buf) - 1, sizeof(buf), &a); - req.data = buf + sizeof(buf) - req.length; + encode_TGS_REQ (buf + sizeof (buf) - 1, sizeof(buf), &a, &req.length); + req.data = buf + sizeof(buf) - req.length; for (i = 0; i < a.req_body.addresses->len; ++i) krb5_data_free (&a.req_body.addresses->val[i].address); @@ -168,21 +168,21 @@ krb5_get_credentials (krb5_context context, { TGS_REQ xx; - decode_TGS_REQ (req.data, req.length, &xx); + size_t size; + decode_TGS_REQ (req.data, req.length, &xx, &size); req.length = req.length; } - err = krb5_sendto_kdc (context, &req, &in_creds->server->realm, &resp); - if (err) { - return err; + ret = krb5_sendto_kdc (context, &req, &in_creds->server->realm, &resp); + if (ret) { + return ret; } switch(((unsigned char*)resp.data)[0] & 0x1f){ case krb_error:{ krb5_principal princ; char *name; - len = decode_KRB_ERROR(resp.data, resp.length, &error); - if(len < 0) - return ASN1_PARSE_ERROR; + ret = decode_KRB_ERROR(resp.data, resp.length, &error, &len); + if(ret) return ret; principalname2krb5_principal(&princ, error.sname, error.realm); krb5_unparse_name(context, princ, &name); fprintf(stderr, "Error: %s", name); @@ -193,16 +193,15 @@ krb5_get_credentials (krb5_context context, break; } case krb_tgs_rep: - len = decode_TGS_REP(resp.data, resp.length, &rep.part1); - if(len < 0) - return ASN1_PARSE_ERROR; - err = extract_ticket(context, &rep, *out_creds, + ret = decode_TGS_REP(resp.data, resp.length, &rep.part1, &len); + if(ret) return ret; + ret = extract_ticket(context, &rep, *out_creds, &(*out_creds)->session, NULL, NULL, NULL); - if(err) - return err; + if(ret) + return ret; return krb5_cc_store_cred (context, ccache, *out_creds); break; } diff --git a/lib/krb5/get_in_tkt.c b/lib/krb5/get_in_tkt.c index 74bbfc0dc..e3fe49037 100644 --- a/lib/krb5/get_in_tkt.c +++ b/lib/krb5/get_in_tkt.c @@ -10,6 +10,7 @@ decrypt_tkt (krb5_context context, { krb5_error_code ret; krb5_data data; + size_t size; ret = krb5_decrypt (context, dec_rep->part1.enc_part.cipher.data, @@ -17,18 +18,19 @@ decrypt_tkt (krb5_context context, key, &data); if (ret) - return ret; + return ret; ret = decode_EncASRepPart(data.data, data.length, - &dec_rep->part2); - if (ret < 0) - ret = decode_EncTGSRepPart(data.data, - data.length, - &dec_rep->part2); + &dec_rep->part2, + &size); + if (ret) + ret = decode_EncTGSRepPart(data.data, + data.length, + &dec_rep->part2, + &size); krb5_data_free (&data); - if (ret < 0) - return ASN1_PARSE_ERROR; + if (ret) return ret; return 0; } @@ -51,8 +53,8 @@ extract_ticket(krb5_context context, { char buf[1024]; int len; - len = encode_Ticket(buf + sizeof(buf) - 1, sizeof(buf), - &rep->part1.ticket); + encode_Ticket(buf + sizeof(buf) - 1, sizeof(buf), + &rep->part1.ticket, &len); creds->ticket.data = malloc(len); memcpy(creds->ticket.data, buf + sizeof(buf) - len, len); creds->ticket.length = len; @@ -144,7 +146,7 @@ krb5_get_in_tkt(krb5_context context, krb5_ccache ccache, krb5_kdc_rep **ret_as_reply) { - krb5_error_code err; + krb5_error_code ret; AS_REQ a; krb5_kdc_rep rep; krb5_data req, resp; @@ -152,6 +154,7 @@ krb5_get_in_tkt(krb5_context context, char buf[BUFSIZ]; krb5_data salt; krb5_keyblock *key; + size_t size; memset(&a, 0, sizeof(a)); @@ -175,10 +178,10 @@ krb5_get_in_tkt(krb5_context context, if (etypes) abort (); else { - err = krb5_get_default_in_tkt_etypes (context, + ret = krb5_get_default_in_tkt_etypes (context, (krb5_enctype**)&a.req_body.etype.val); - if (err) - return err; + if (ret) + return ret; a.req_body.etype.len = 1; } if (addrs){ @@ -186,9 +189,9 @@ krb5_get_in_tkt(krb5_context context, } else { a.req_body.addresses = malloc(sizeof(*a.req_body.addresses)); - err = krb5_get_all_client_addrs ((krb5_addresses*)a.req_body.addresses); - if (err) - return err; + ret = krb5_get_all_client_addrs ((krb5_addresses*)a.req_body.addresses); + if (ret) + return ret; } a.req_body.enc_authorization_data = NULL; a.req_body.additional_tickets = NULL; @@ -202,16 +205,16 @@ krb5_get_in_tkt(krb5_context context, salt.length = 0; salt.data = NULL; - err = krb5_get_salt (creds->client, &salt); + ret = krb5_get_salt (creds->client, &salt); - if (err) - return err; + if (ret) + return ret; - err = (*key_proc)(context, *(a.req_body.etype.val), &salt, + ret = (*key_proc)(context, *(a.req_body.etype.val), &salt, keyseed, &key); krb5_data_free (&salt); - if (err) - return err; + if (ret) + return ret; /* not sure this is the way to use `ptypes' */ if (ptypes == NULL || *ptypes == KRB5_PADATA_NONE) @@ -220,7 +223,7 @@ krb5_get_in_tkt(krb5_context context, PA_ENC_TS_ENC p; u_char buf[1024]; struct timeval tv; - int len; + size_t len; unsigned foo; EncryptedData encdata; @@ -229,11 +232,12 @@ krb5_get_in_tkt(krb5_context context, foo = tv.tv_usec; p.pausec = &foo; - len = encode_PA_ENC_TS_ENC(buf + sizeof(buf) - 1, + ret = encode_PA_ENC_TS_ENC(buf + sizeof(buf) - 1, sizeof(buf), - &p); - if (len < 0) - return ASN1_PARSE_ERROR; + &p, + &len); + if (ret) + return ret; a.padata = malloc(sizeof(*a.padata)); a.padata->len = 1; @@ -243,59 +247,63 @@ krb5_get_in_tkt(krb5_context context, encdata.etype = ETYPE_DES_CBC_CRC; encdata.kvno = NULL; - err = krb5_encrypt (context, + ret = krb5_encrypt (context, buf + sizeof(buf) - len, len, key, &encdata.cipher); - if (err) - return err; + if (ret) + return ret; - len = encode_EncryptedData(buf + sizeof(buf) - 1, + ret = encode_EncryptedData(buf + sizeof(buf) - 1, sizeof(buf), - &encdata); + &encdata, + &len); krb5_data_free(&encdata.cipher); - if (len < 0) - return ASN1_PARSE_ERROR; + if (ret) + return ret; krb5_data_copy(&a.padata->val->padata_value, buf + sizeof(buf) - len, len); } else return KRB5_PREAUTH_BAD_TYPE; - req.length = encode_AS_REQ ((unsigned char*)buf + sizeof(buf) - 1, - sizeof(buf), - &a); - if (req.length < 0){ + ret = encode_AS_REQ ((unsigned char*)buf + sizeof(buf) - 1, + sizeof(buf), + &a, + &req.length); + if (ret){ free_AS_REQ(&a); - return ASN1_PARSE_ERROR; + return ret; } free_AS_REQ(&a); req.data = buf + sizeof(buf) - req.length; - err = krb5_sendto_kdc (context, &req, &creds->client->realm, &resp); - if (err) { - return err; + ret = krb5_sendto_kdc (context, &req, &creds->client->realm, &resp); + if (ret) { + return ret; } - if(decode_AS_REP(resp.data, resp.length, &rep.part1) < 0){ + if((ret = decode_AS_REP(resp.data, resp.length, &rep.part1, &size))){ /* let's try to parse it as a KRB-ERROR */ KRB_ERROR error; + int ret2; - if (decode_KRB_ERROR(resp.data, resp.length, &error) >= 0) { - /* XXX */ - fprintf (stderr, "get_in_tkt: KRB_ERROR: %s\n", - *(error.e_text)); - } + ret2 = decode_KRB_ERROR(resp.data, resp.length, &error, &size); krb5_data_free(&resp); - return ASN1_PARSE_ERROR; + if (ret2 == 0) { + /* XXX */ + fprintf (stderr, "get_in_tkt: KRB_ERROR: %s\n", *(error.e_text)); + return error.error_code; + } + return ret; } krb5_data_free(&resp); - - err = extract_ticket(context, &rep, creds, key, keyseed, + + ret = extract_ticket(context, &rep, creds, key, keyseed, decrypt_proc, decryptarg); free_KDC_REP(&rep.part1); - if(err) - return err; + if(ret) + return ret; return krb5_cc_store_cred (context, ccache, creds); } diff --git a/lib/krb5/mk_error.c b/lib/krb5/mk_error.c index f73389fc2..87bc733c4 100644 --- a/lib/krb5/mk_error.c +++ b/lib/krb5/mk_error.c @@ -27,7 +27,7 @@ krb5_mk_error(krb5_principal princ, msg.e_text = &e_text; if (e_data) msg.e_data = e_data; - err->length = encode_KRB_ERROR(buf + sizeof(buf) - 1, sizeof(buf), &msg); + encode_KRB_ERROR(buf + sizeof(buf) - 1, sizeof(buf), &msg, &err->length); err->data = malloc(err->length); memcpy(err->data, buf + sizeof(buf) - err->length, err->length); return 0; diff --git a/lib/krb5/mk_priv.c b/lib/krb5/mk_priv.c index dcec57763..5e64d4f47 100644 --- a/lib/krb5/mk_priv.c +++ b/lib/krb5/mk_priv.c @@ -36,10 +36,10 @@ krb5_mk_priv(krb5_context context, part.s_address.address = addr.addrs[0].address; part.r_address = NULL; - len = encode_EncKrbPrivPart (buf + sizeof(buf) - 1, sizeof(buf), &part); + r = encode_EncKrbPrivPart (buf + sizeof(buf) - 1, sizeof(buf), &part, &len); free (part.seq_number); - if (len < 0) - return ASN1_PARSE_ERROR; + if (r) + return r; s.pvno = 5; s.msg_type = krb_priv; @@ -51,9 +51,9 @@ krb5_mk_priv(krb5_context context, if (r) return r; - len = encode_KRB_PRIV (buf + sizeof(buf) - 1, sizeof(buf), &s); - if (len < 0) - return ASN1_PARSE_ERROR; + r = encode_KRB_PRIV (buf + sizeof(buf) - 1, sizeof(buf), &s, &len); + if (r) + return r; outbuf->length = len; outbuf->data = malloc (len); if (outbuf->data == NULL) diff --git a/lib/krb5/mk_rep.c b/lib/krb5/mk_rep.c index 6a51aa31d..1f1cd0e37 100644 --- a/lib/krb5/mk_rep.c +++ b/lib/krb5/mk_rep.c @@ -32,15 +32,13 @@ krb5_mk_rep(krb5_context context, ap.enc_part.etype = (*auth_context)->key.keytype; ap.enc_part.kvno = NULL; - len = encode_EncAPRepPart (buf + sizeof(buf) - 1, - sizeof(buf), &body); + encode_EncAPRepPart (buf + sizeof(buf) - 1, sizeof(buf), &body, &len); ret = krb5_encrypt (context, buf + sizeof(buf) - len, len, &(*auth_context)->key, &ap.enc_part.cipher); if (ret) return ret; - len = encode_AP_REP (buf + sizeof(buf) - 1, - sizeof(buf), &ap); + encode_AP_REP (buf + sizeof(buf) - 1, sizeof(buf), &ap, &len); free (ap.enc_part.cipher.data); outbuf->length = len; outbuf->data = malloc(len); diff --git a/lib/krb5/mk_safe.c b/lib/krb5/mk_safe.c index 2153dde11..71e8b134b 100644 --- a/lib/krb5/mk_safe.c +++ b/lib/krb5/mk_safe.c @@ -45,10 +45,10 @@ krb5_mk_safe(krb5_context context, s.safe_body.s_address = addr.addrs[0]; s.safe_body.r_address = NULL; - len = encode_KRB_SAFE (buf + sizeof(buf) - 1, sizeof(buf), &s); + r = encode_KRB_SAFE (buf + sizeof(buf) - 1, sizeof(buf), &s, &len); free(s.safe_body.seq_number); - if (len < 0) - return ASN1_PARSE_ERROR; + if (r) + return r; outbuf->length = len; outbuf->data = malloc (len); if (outbuf->data == NULL) diff --git a/lib/krb5/rd_priv.c b/lib/krb5/rd_priv.c index c223d2404..c82d4aded 100644 --- a/lib/krb5/rd_priv.c +++ b/lib/krb5/rd_priv.c @@ -12,29 +12,29 @@ krb5_rd_priv(krb5_context context, krb5_error_code r; KRB_PRIV priv; EncKrbPrivPart part; - int len; + size_t len; krb5_data plain; - len = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv); - if (len < 0) - return ASN1_PARSE_ERROR; + r = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len); + if (r) + return r; if (priv.pvno != 5) - return KRB5KRB_AP_ERR_BADVERSION; + return KRB5KRB_AP_ERR_BADVERSION; if (priv.msg_type != krb_safe) - return KRB5KRB_AP_ERR_MSG_TYPE; + return KRB5KRB_AP_ERR_MSG_TYPE; r = krb5_decrypt (context, priv.enc_part.cipher.data, priv.enc_part.cipher.length, &auth_context->key, &plain); - if (r) - return r; - - len = decode_EncKrbPrivPart (plain.data, plain.length, &part); - if (len < 0) - return ASN1_PARSE_ERROR; + if (r) + return r; + r = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len); + if (r) + return r; + /* check timestamp */ if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { struct timeval tv; diff --git a/lib/krb5/rd_rep.c b/lib/krb5/rd_rep.c index b2482d846..42fa0aac6 100644 --- a/lib/krb5/rd_rep.c +++ b/lib/krb5/rd_rep.c @@ -16,9 +16,9 @@ krb5_rd_rep(krb5_context context, int i; krb5_data data; - len = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep); - if (len < 0) - return ASN1_PARSE_ERROR; + ret = decode_AP_REP(inbuf->data, inbuf->length, &ap_rep, &len); + if (ret) + return ret; if (ap_rep.pvno != 5) return KRB5KRB_AP_ERR_BADVERSION; if (ap_rep.msg_type != krb_ap_rep) @@ -35,11 +35,12 @@ krb5_rd_rep(krb5_context context, *repl = malloc(sizeof(**repl)); if (*repl == NULL) return ENOMEM; - i = decode_EncAPRepPart(data.data, - data.length, - *repl); - if (i < 0) - return ASN1_PARSE_ERROR; + ret = decode_EncAPRepPart(data.data, + data.length, + *repl, + &i); + if (ret) + return ret; if ((*repl)->ctime != auth_context->authenticator->ctime || (*repl)->cusec != auth_context->authenticator->cusec) { printf("KRB5KRB_AP_ERR_MUT_FAIL\n"); diff --git a/lib/krb5/rd_req.c b/lib/krb5/rd_req.c index 45d85537b..10d298c35 100644 --- a/lib/krb5/rd_req.c +++ b/lib/krb5/rd_req.c @@ -16,10 +16,10 @@ decrypt_tkt_enc_part (krb5_context context, if (ret) return ret; - len = decode_EncTicketPart(plain.data, plain.length, decr_part); + ret = decode_EncTicketPart(plain.data, plain.length, decr_part, &len); krb5_data_free (&plain); - if (len < 0) - return ASN1_PARSE_ERROR; + if (ret) + return ret; return 0; } @@ -31,16 +31,16 @@ decrypt_authenticator (krb5_context context, { krb5_error_code ret; krb5_data plain; - int len; + size_t len; ret = krb5_decrypt (context, enc_part->cipher.data, enc_part->cipher.length, key, &plain); if (ret) return ret; - len = decode_Authenticator(plain.data, plain.length, authenticator); + ret = decode_Authenticator(plain.data, plain.length, authenticator, &len); krb5_data_free (&plain); - if (len < 0) - return ASN1_PARSE_ERROR; + if (ret) + return ret; return 0; } @@ -64,9 +64,9 @@ krb5_rd_req_with_keyblock(krb5_context context, return ret; } - len = decode_AP_REQ(inbuf->data, inbuf->length, &ap_req); - if (len < 0) - return ASN1_PARSE_ERROR; + ret = decode_AP_REQ(inbuf->data, inbuf->length, &ap_req, &len); + if (ret) + return ret; if (ap_req.pvno != 5) return KRB5KRB_AP_ERR_BADVERSION; if (ap_req.msg_type != krb_ap_req) diff --git a/lib/krb5/rd_safe.c b/lib/krb5/rd_safe.c index a07942aa5..aea3b9d62 100644 --- a/lib/krb5/rd_safe.c +++ b/lib/krb5/rd_safe.c @@ -11,11 +11,11 @@ krb5_rd_safe(krb5_context context, { krb5_error_code r; KRB_SAFE safe; - int len; + size_t len; - len = decode_KRB_SAFE (inbuf->data, inbuf->length, &safe); - if (len < 0) - return ASN1_PARSE_ERROR; + r = decode_KRB_SAFE (inbuf->data, inbuf->length, &safe, &len); + if (r) + return r; if (safe.pvno != 5) return KRB5KRB_AP_ERR_BADVERSION; if (safe.msg_type != krb_safe)