From 72fabc6c6befca8bf65ee21fe7e6fa3edd2b254c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Wed, 12 Oct 2005 07:25:18 +0000 Subject: [PATCH] (spnego_reply): Don't pass back raw Kerberos errors, use GSS-API errors instead. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16158 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/gssapi/init_sec_context.c | 17 ++++++++++++----- lib/gssapi/krb5/init_sec_context.c | 17 ++++++++++++----- 2 files changed, 24 insertions(+), 10 deletions(-) diff --git a/lib/gssapi/init_sec_context.c b/lib/gssapi/init_sec_context.c index a7fb0d74d..05614a3f0 100644 --- a/lib/gssapi/init_sec_context.c +++ b/lib/gssapi/init_sec_context.c @@ -677,16 +677,23 @@ spnego_reply ret = der_match_tag_and_length((const char *)indata.data, indata.length, ASN1_C_CONTEXT, CONS, 1, &len, &taglen); - if (ret) - return ret; + if (ret) { + gssapi_krb5_set_status("Failed to decode NegToken choice"); + *minor_status = ret; + return GSS_S_FAILURE; + } - if(len > indata.length - taglen) - return ASN1_OVERRUN; + if(len > indata.length - taglen) { + gssapi_krb5_set_status("Buffer overrun in NegToken choice"); + *minor_status = ASN1_OVERRUN; + return GSS_S_FAILURE; + } ret = decode_NegTokenTarg((const char *)indata.data + taglen, len, &targ, NULL); if (ret) { - *minor_status = ENOMEM; + gssapi_krb5_set_status("Failed to decode NegTokenTarg"); + *minor_status = ret; return GSS_S_FAILURE; } diff --git a/lib/gssapi/krb5/init_sec_context.c b/lib/gssapi/krb5/init_sec_context.c index a7fb0d74d..05614a3f0 100644 --- a/lib/gssapi/krb5/init_sec_context.c +++ b/lib/gssapi/krb5/init_sec_context.c @@ -677,16 +677,23 @@ spnego_reply ret = der_match_tag_and_length((const char *)indata.data, indata.length, ASN1_C_CONTEXT, CONS, 1, &len, &taglen); - if (ret) - return ret; + if (ret) { + gssapi_krb5_set_status("Failed to decode NegToken choice"); + *minor_status = ret; + return GSS_S_FAILURE; + } - if(len > indata.length - taglen) - return ASN1_OVERRUN; + if(len > indata.length - taglen) { + gssapi_krb5_set_status("Buffer overrun in NegToken choice"); + *minor_status = ASN1_OVERRUN; + return GSS_S_FAILURE; + } ret = decode_NegTokenTarg((const char *)indata.data + taglen, len, &targ, NULL); if (ret) { - *minor_status = ENOMEM; + gssapi_krb5_set_status("Failed to decode NegTokenTarg"); + *minor_status = ret; return GSS_S_FAILURE; }