kdc: avoid re-encoding KDC-REQ-BODY

Use --preserve-binary=KDC-REQ-BODY option to ASN.1 compiler to avoid
re-encoding KDC-REQ-BODYs for verification in GSS preauth, TGS and PKINIT.
Luke Howard
2021-09-13 13:50:45 +10:00
parent 908ef18c9f
commit ebfd48e40a
5 changed files with 8 additions and 56 deletions


@@ -190,7 +190,6 @@ _kdc_gss_rd_padata(astgs_request_t r,
int *open)
{
krb5_error_code ret;
size_t size;
OM_uint32 minor;
gss_client_params *gcp = NULL;
@@ -230,12 +229,7 @@ _kdc_gss_rd_padata(astgs_request_t r,
goto out;
_krb5_gss_data_to_buffer(&pa->padata_value, &input_token);
ASN1_MALLOC_ENCODE(KDC_REQ_BODY, cb.application_data.value,
cb.application_data.length, &r->req.req_body,
&size, ret);
heim_assert(ret || size == cb.application_data.length,
"internal asn1 encoder error");
_krb5_gss_data_to_buffer(&r->req.req_body._save, &cb.application_data);
gcp->major = gss_accept_sec_context(&gcp->minor,
&gcp->context_handle,
@@ -263,7 +257,6 @@ _kdc_gss_rd_padata(astgs_request_t r,
out:
gss_release_cred(&minor, &cred);
gss_release_buffer(&minor, &cb.application_data);
if (gcp && gcp->major != GSS_S_NO_CONTEXT)
*pgcp = gcp;
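Review bot: In the second hunk, `cb.application_data` is filled from `r->req.req_body._save` with no check that the preserved encoding is present. If a request body ever reaches `_kdc_gss_rd_padata` without having been produced by the decoder (the decode paths are not visible here, so this is an assumption to confirm), the channel binding passed to `gss_accept_sec_context` would cover an empty buffer instead of the request body. A fail-closed guard before the conversion would cover that, e.g. `if (r->req.req_body._save.length == 0) { ret = KRB5KDC_ERR_PREAUTH_FAILED; goto out; }`, using whichever error code the function already returns for a bad request. The buffer is now borrowed rather than allocated, so a comment at the assignment such as `/* borrows req_body._save; must not be passed to gss_release_buffer() */` would keep the cleanup under `out:` from regressing into a free of request-owned memory. The function body starts and continues outside these hunks, and the +/- markers are lost in this rendering, so which lines are old and which are new is inferred from the hunk counts.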