diff options
Diffstat (limited to 'crypto/heimdal/lib/krb5/rd_cred.c')
-rw-r--r-- | crypto/heimdal/lib/krb5/rd_cred.c | 42 |
1 files changed, 33 insertions, 9 deletions
diff --git a/crypto/heimdal/lib/krb5/rd_cred.c b/crypto/heimdal/lib/krb5/rd_cred.c index 746e2d1..401770b 100644 --- a/crypto/heimdal/lib/krb5/rd_cred.c +++ b/crypto/heimdal/lib/krb5/rd_cred.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_cred.c,v 1.15 2001/06/29 14:53:44 assar Exp $"); +RCSID("$Id: rd_cred.c,v 1.17 2002/08/09 17:07:12 joda Exp $"); krb5_error_code krb5_rd_cred(krb5_context context, @@ -136,13 +136,37 @@ krb5_rd_cred(krb5_context context, /* check receiver address */ if (enc_krb_cred_part.r_address - && auth_context->local_address - && !krb5_address_compare (context, - auth_context->local_address, - enc_krb_cred_part.r_address)) { - krb5_clear_error_string (context); - ret = KRB5KRB_AP_ERR_BADADDR; - goto out; + && auth_context->local_address) { + if(auth_context->local_port && + enc_krb_cred_part.r_address->addr_type == KRB5_ADDRESS_ADDRPORT) { + krb5_address *a; + int cmp; + ret = krb5_make_addrport (context, &a, + auth_context->local_address, + auth_context->local_port); + if (ret) + goto out; + + cmp = krb5_address_compare (context, + a, + enc_krb_cred_part.r_address); + krb5_free_address (context, a); + free (a); + + if (cmp == 0) { + krb5_clear_error_string (context); + ret = KRB5KRB_AP_ERR_BADADDR; + goto out; + } + } else { + if(!krb5_address_compare (context, + auth_context->local_address, + enc_krb_cred_part.r_address)) { + krb5_clear_error_string (context); + ret = KRB5KRB_AP_ERR_BADADDR; + goto out; + } + } } /* check timestamp */ |