1 files changed, 33 insertions, 9 deletions

diff --git a/crypto/heimdal/lib/krb5/rd_cred.c b/crypto/heimdal/lib/krb5/rd_cred.c
index 746e2d1..401770b 100644
--- a/crypto/heimdal/lib/krb5/rd_cred.c
+++ b/crypto/heimdal/lib/krb5/rd_cred.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -33,7 +33,7 @@
 
 #include <krb5_locl.h>
 
-RCSID("$Id: rd_cred.c,v 1.15 2001/06/29 14:53:44 assar Exp $");
+RCSID("$Id: rd_cred.c,v 1.17 2002/08/09 17:07:12 joda Exp $");
 
 krb5_error_code
 krb5_rd_cred(krb5_context context,
@@ -136,13 +136,37 @@ krb5_rd_cred(krb5_context context,
     /* check receiver address */
 
     if (enc_krb_cred_part.r_address
-	&& auth_context->local_address
-	&& !krb5_address_compare (context,
-				  auth_context->local_address,
-				  enc_krb_cred_part.r_address)) {
-	krb5_clear_error_string (context);
-	ret = KRB5KRB_AP_ERR_BADADDR;
-	goto out;
+	&& auth_context->local_address) {
+	if(auth_context->local_port &&
+	   enc_krb_cred_part.r_address->addr_type == KRB5_ADDRESS_ADDRPORT) {
+	    krb5_address *a;
+	    int cmp;
+	    ret = krb5_make_addrport (context, &a,
+				      auth_context->local_address,
+				      auth_context->local_port);
+	    if (ret)
+		goto out;
+	    
+	    cmp = krb5_address_compare (context,
+					a,
+					enc_krb_cred_part.r_address);
+	    krb5_free_address (context, a);
+	    free (a);
+	    
+	    if (cmp == 0) {
+		krb5_clear_error_string (context);
+		ret = KRB5KRB_AP_ERR_BADADDR;
+		goto out;
+	    }
+	} else {
+	    if(!krb5_address_compare (context,
+				      auth_context->local_address,
+				      enc_krb_cred_part.r_address)) {
+		krb5_clear_error_string (context);
+		ret = KRB5KRB_AP_ERR_BADADDR;
+		goto out;
+	    }		
+	}
     }
 
     /* check timestamp */