oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Use IS_DCE_STYLE flag. There is no padding in DCE-STYLE, don't try to use to.

Browse Source 
From Andrew Bartlett.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18937 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-11-07 19:05:16 +00:00
parent cc68fac9fe
commit 4806754426
1 changed files with 21 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
lib/gssapi/krb5/arcfour.c
View File

@@ -355,15 +355,16 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status,
if (conf_state) if (conf_state)
*conf_state = 0; *conf_state = 0;
datalen = input_message_buffer->length + 1 /* padding */; datalen = input_message_buffer->length;
if ((context_handle->flags & GSS_C_DCE_STYLE) == 0) { if (IS_DCE_STYLE(context_handle)) {
len = datalen + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
_gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
} else {
len = GSS_ARCFOUR_WRAP_TOKEN_SIZE; len = GSS_ARCFOUR_WRAP_TOKEN_SIZE;
_gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM); _gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
total_len += datalen; total_len += datalen;
} else {
datalen += 1; /* padding */
len = datalen + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
_gssapi_encap_length(len, &len, &total_len, GSS_KRB5_MECHANISM);
} }
output_message_buffer->length = total_len; output_message_buffer->length = total_len;
@@ -416,7 +417,8 @@ _gssapi_wrap_arcfour(OM_uint32 * minor_status,
p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE; p = p0 + GSS_ARCFOUR_WRAP_TOKEN_SIZE;
memcpy(p, input_message_buffer->value, input_message_buffer->length); memcpy(p, input_message_buffer->value, input_message_buffer->length);
p[input_message_buffer->length] = 1; /* PADDING */ if (!IS_DCE_STYLE(context_handle))
p[input_message_buffer->length] = 1; /* padding */
ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL, ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL,
p0 + 16, 8, /* SGN_CKSUM */ p0 + 16, 8, /* SGN_CKSUM */
@@ -505,7 +507,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
u_char *p, *p0; u_char *p, *p0;
int cmp; int cmp;
int conf_flag; int conf_flag;
size_t padlen, len; size_t padlen = 0, len;
if (conf_state) if (conf_state)
*conf_state = 0; *conf_state = 0;
@@ -514,13 +516,13 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
p0 = input_message_buffer->value; p0 = input_message_buffer->value;
if ((context_handle->flags & GSS_C_DCE_STYLE) == 0) { if (IS_DCE_STYLE(context_handle)) {
len = input_message_buffer->length;
} else {
len = GSS_ARCFOUR_WRAP_TOKEN_SIZE + len = GSS_ARCFOUR_WRAP_TOKEN_SIZE +
GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE; GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE;
if (input_message_buffer->length < len) if (input_message_buffer->length < len)
return GSS_S_BAD_MECH; return GSS_S_BAD_MECH;
} else {
len = input_message_buffer->length;
} }
omret = _gssapi_verify_mech_header(&p0, omret = _gssapi_verify_mech_header(&p0,
@@ -631,6 +633,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
} }
memset(k6_data, 0, sizeof(k6_data)); memset(k6_data, 0, sizeof(k6_data));
if (!IS_DCE_STYLE(context_handle)) {
ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen); ret = _gssapi_verify_pad(output_message_buffer, datalen, &padlen);
if (ret) { if (ret) {
_gsskrb5_release_buffer(minor_status, output_message_buffer); _gsskrb5_release_buffer(minor_status, output_message_buffer);
@@ -638,6 +641,7 @@ OM_uint32 _gssapi_unwrap_arcfour(OM_uint32 *minor_status,
return ret; return ret;
} }
output_message_buffer->length -= padlen; output_message_buffer->length -= padlen;
}
ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL, ret = arcfour_mic_cksum(key, KRB5_KU_USAGE_SEAL,
cksum_data, sizeof(cksum_data), cksum_data, sizeof(cksum_data),
@@ -682,7 +686,7 @@ max_wrap_length_arcfour(const gsskrb5_ctx ctx,
* - we only need to encapsulate the WRAP token * - we only need to encapsulate the WRAP token
* However, since this is a fixed since, we just * However, since this is a fixed since, we just
*/ */
if (ctx->flags & GSS_C_DCE_STYLE) { if (IS_DCE_STYLE(ctx)) {
size_t len, total_len; size_t len, total_len;
len = GSS_ARCFOUR_WRAP_TOKEN_SIZE; len = GSS_ARCFOUR_WRAP_TOKEN_SIZE;