summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/lib/krb5/changepw.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/heimdal/lib/krb5/changepw.c')
-rw-r--r--crypto/heimdal/lib/krb5/changepw.c14
1 files changed, 7 insertions, 7 deletions
diff --git a/crypto/heimdal/lib/krb5/changepw.c b/crypto/heimdal/lib/krb5/changepw.c
index e930d87..f765a97 100644
--- a/crypto/heimdal/lib/krb5/changepw.c
+++ b/crypto/heimdal/lib/krb5/changepw.c
@@ -33,7 +33,7 @@
#include <krb5_locl.h>
-RCSID("$Id: changepw.c,v 1.35 2002/06/06 13:33:13 joda Exp $");
+RCSID("$Id: changepw.c,v 1.37 2002/09/03 16:14:34 nectar Exp $");
static krb5_error_code
send_request (krb5_context context,
@@ -57,7 +57,7 @@ send_request (krb5_context context,
ret = krb5_mk_req_extended (context,
auth_context,
- AP_OPTS_MUTUAL_REQUIRED,
+ AP_OPTS_MUTUAL_REQUIRED | AP_OPTS_USE_SUBKEY,
NULL, /* in_data */
creds,
&ap_req_data);
@@ -144,7 +144,7 @@ process_reply (krb5_context context,
u_char reply[BUFSIZ];
size_t len;
u_int16_t pkt_len, pkt_ver;
- krb5_data ap_rep_data;
+ krb5_data ap_rep_data, priv_data;
int save_errno;
ret = recvfrom (sock, reply, sizeof(reply), 0, NULL, NULL);
@@ -173,10 +173,13 @@ process_reply (krb5_context context,
ap_rep_data.data = reply + 6;
ap_rep_data.length = (reply[4] << 8) | (reply[5]);
+ priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length;
+ priv_data.length = len - ap_rep_data.length - 6;
+ if ((u_char *)priv_data.data + priv_data.length >= reply + len)
+ return KRB5_KPASSWD_MALFORMED;
if (ap_rep_data.length) {
krb5_ap_rep_enc_part *ap_rep;
- krb5_data priv_data;
u_char *p;
ret = krb5_rd_rep (context,
@@ -188,9 +191,6 @@ process_reply (krb5_context context,
krb5_free_ap_rep_enc_part (context, ap_rep);
- priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length;
- priv_data.length = len - ap_rep_data.length - 6;
-
ret = krb5_rd_priv (context,
auth_context,
&priv_data,
OpenPOWER on IntegriCloud