From 4fe154b2f9ef2a9191d9c0ca4cf7c387e69ba7a0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Thu, 7 Jun 2007 04:34:14 +0000
Subject: [PATCH] verify reply by checking asn1 class, type and tag of the reply if there is one.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20957 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 kdc/kdc-replay.c | 28 ++++++++++++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/kdc/kdc-replay.c b/kdc/kdc-replay.c
index dd919495d..802287279 100644
--- a/kdc/kdc-replay.c
+++ b/kdc/kdc-replay.c
@@ -75,7 +75,7 @@ main(int argc, char **argv)
 struct timeval tv;
 krb5_address a;
 krb5_data d, r;
- uint32_t t;
+ uint32_t t, clty, tag;
 char astr[80];
 ret = krb5_ret_uint32(sp, &t);
@@ -94,6 +94,13 @@ main(int argc, char **argv)
 ret = krb5_ret_data(sp, &d);
 if (ret)
 krb5_errx(context, 1, "krb5_ret_data");
+ ret = krb5_ret_uint32(sp, &clty);
+ if (ret)
+ krb5_errx(context, 1, "krb5_ret_uint32(class|type)");
+ ret = krb5_ret_uint32(sp, &tag);
+ if (ret)
+ krb5_errx(context, 1, "krb5_ret_uint32(tag)");
+
 ret = krb5_addr2sockaddr (context, &a, (struct sockaddr *)&sa, &salen, 88);
@@ -121,8 +128,25 @@ main(int argc, char **argv)
 if (ret)
 krb5_err(context, 1, ret, "krb5_kdc_process_request");
- if(r.length)
+ if (r.length) {
+ Der_class cl;
+ Der_type ty;
+ unsigned int tag2;
+ ret = der_get_tag (r.data, r.length,
+ &cl, &ty, &tag2, NULL);
+ if (MAKE_TAG(cl, ty, 0) != clty)
+ krb5_errx(context, 1, "class|type mismatch: %d != %d",
+ (int)MAKE_TAG(cl, ty, 0), (int)clty);
+ if (tag != tag2)
+ krb5_errx(context, 1, "tag mismatch");
+
 krb5_data_free(&r);
+ } else {
+ if (clty != 0xffffffff)
+ krb5_errx(context, 1, "clty not invalid");
+ if (tag != 0xffffffff)
+ krb5_errx(context, 1, "tag not invalid");
+ }
 krb5_data_free(&d);
 krb5_free_address(context, &a);
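Review bot: The return value of `der_get_tag` in the third hunk (`@@ -121,8 +128,25 @@`) is assigned to `ret` but never tested, so a reply that does not parse as DER goes unreported and the `MAKE_TAG(cl, ty, 0) != clty` and `tag != tag2` comparisons may run on `cl`, `ty` and `tag2` values the decoder did not fill in. Since this tool exists to verify recorded KDC replies, a parse failure should stop the run: add `if (ret) krb5_err(context, 1, ret, "der_get_tag");` directly after the call. The mismatch message also casts both sides to `int` for `%d`, which prints the `0xffffffff` "no reply" sentinel as -1; `%u` with an `(unsigned)` cast would be clearer, and including the two tag values in the "tag mismatch" message would help triage. `main` begins and ends outside this hunk, so the surrounding loop and cleanup are not visible here.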