From bb7c2ec23c1d6edfa94e53b9aed7d0b6406af3c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Thu, 6 Nov 2003 01:27:50 +0000 Subject: [PATCH] checksum the header last in MIC token, update to -03 From: Luke Howard git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13082 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/gssapi/cfx.c | 16 ++++++++-------- lib/gssapi/krb5/cfx.c | 16 ++++++++-------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/lib/gssapi/cfx.c b/lib/gssapi/cfx.c index e00c2d961..d01db80df 100644 --- a/lib/gssapi/cfx.c +++ b/lib/gssapi/cfx.c @@ -35,7 +35,7 @@ RCSID("$Id$"); /* - * Implementation of draft-ietf-krb-wg-gssapi-cfx-02.txt + * Implementation of draft-ietf-krb-wg-gssapi-cfx-03.txt */ #define SentByAcceptor (1 << 0) @@ -634,7 +634,7 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, return GSS_S_FAILURE; } - len = sizeof(*token) + message_buffer->length; + len = message_buffer->length + sizeof(*token); buf = malloc(len); if (buf == NULL) { *minor_status = ENOMEM; @@ -642,7 +642,9 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, return GSS_S_FAILURE; } - token = (gss_cfx_mic_token)buf; + memcpy(buf, message_buffer->value, message_buffer->length); + + token = (gss_cfx_mic_token)(buf + message_buffer->length); token->TOK_ID[0] = 0x04; token->TOK_ID[1] = 0x04; token->Flags = 0; @@ -661,8 +663,6 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, ++seq_number); HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - memcpy(buf + sizeof(*token), message_buffer->value, message_buffer->length); - if (context_handle->more_flags & LOCAL) { usage = KRB5_KU_USAGE_INITIATOR_SIGN; } else { @@ -792,14 +792,14 @@ OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status, usage = KRB5_KU_USAGE_INITIATOR_SIGN; } - buf = malloc(sizeof(*token) + message_buffer->length); + buf = malloc(message_buffer->length + sizeof(*token)); if (buf == NULL) { *minor_status = ENOMEM; krb5_crypto_destroy(gssapi_krb5_context, crypto); return GSS_S_FAILURE; } - memcpy(buf, token, sizeof(*token)); - memcpy(buf + sizeof(*token), message_buffer->value, message_buffer->length); + memcpy(buf, message_buffer->value, message_buffer->length); + memcpy(buf + message_buffer->length, token, sizeof(*token)); ret = krb5_verify_checksum(gssapi_krb5_context, crypto, usage, diff --git a/lib/gssapi/krb5/cfx.c b/lib/gssapi/krb5/cfx.c index e00c2d961..d01db80df 100644 --- a/lib/gssapi/krb5/cfx.c +++ b/lib/gssapi/krb5/cfx.c @@ -35,7 +35,7 @@ RCSID("$Id$"); /* - * Implementation of draft-ietf-krb-wg-gssapi-cfx-02.txt + * Implementation of draft-ietf-krb-wg-gssapi-cfx-03.txt */ #define SentByAcceptor (1 << 0) @@ -634,7 +634,7 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, return GSS_S_FAILURE; } - len = sizeof(*token) + message_buffer->length; + len = message_buffer->length + sizeof(*token); buf = malloc(len); if (buf == NULL) { *minor_status = ENOMEM; @@ -642,7 +642,9 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, return GSS_S_FAILURE; } - token = (gss_cfx_mic_token)buf; + memcpy(buf, message_buffer->value, message_buffer->length); + + token = (gss_cfx_mic_token)(buf + message_buffer->length); token->TOK_ID[0] = 0x04; token->TOK_ID[1] = 0x04; token->Flags = 0; @@ -661,8 +663,6 @@ OM_uint32 _gssapi_mic_cfx(OM_uint32 *minor_status, ++seq_number); HEIMDAL_MUTEX_unlock(&context_handle->ctx_id_mutex); - memcpy(buf + sizeof(*token), message_buffer->value, message_buffer->length); - if (context_handle->more_flags & LOCAL) { usage = KRB5_KU_USAGE_INITIATOR_SIGN; } else { @@ -792,14 +792,14 @@ OM_uint32 _gssapi_verify_mic_cfx(OM_uint32 *minor_status, usage = KRB5_KU_USAGE_INITIATOR_SIGN; } - buf = malloc(sizeof(*token) + message_buffer->length); + buf = malloc(message_buffer->length + sizeof(*token)); if (buf == NULL) { *minor_status = ENOMEM; krb5_crypto_destroy(gssapi_krb5_context, crypto); return GSS_S_FAILURE; } - memcpy(buf, token, sizeof(*token)); - memcpy(buf + sizeof(*token), message_buffer->value, message_buffer->length); + memcpy(buf, message_buffer->value, message_buffer->length); + memcpy(buf + message_buffer->length, token, sizeof(*token)); ret = krb5_verify_checksum(gssapi_krb5_context, crypto, usage,