Diffstat (limited to 'crypto/heimdal/lib/krb5/rd_safe.c')
-rw-r--r-- | crypto/heimdal/lib/krb5/rd_safe.c | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/crypto/heimdal/lib/krb5/rd_safe.c b/crypto/heimdal/lib/krb5/rd_safe.c index fb7cc2d..07628d9 100644 --- a/crypto/heimdal/lib/krb5/rd_safe.c +++ b/crypto/heimdal/lib/krb5/rd_safe.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include <krb5_locl.h> -RCSID("$Id: rd_safe.c,v 1.19 2000/02/06 05:20:51 assar Exp $"); +RCSID("$Id: rd_safe.c,v 1.23 2001/01/19 04:25:37 assar Exp $"); static krb5_error_code verify_checksum(krb5_context context, @@ -65,7 +65,9 @@ verify_checksum(krb5_context context, buf_size, safe, &len); - krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); + ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); + if (ret) + goto out; ret = krb5_verify_checksum (context, crypto, KRB5_KU_KRB_SAFE_CKSUM, @@ -144,13 +146,20 @@ krb5_rd_safe(krb5_context context, } /* XXX - check replay cache */ - /* check sequence number */ + /* check sequence number. since MIT krb5 cannot generate a sequence + number of zero but instead generates no sequence number, we accept that + */ + if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { - if (safe.safe_body.seq_number == NULL || - *safe.safe_body.seq_number != ++auth_context->remote_seqnumber) { + if ((safe.safe_body.seq_number == NULL + && auth_context->remote_seqnumber != 0) + || (safe.safe_body.seq_number != NULL + && *safe.safe_body.seq_number != + auth_context->remote_seqnumber)) { ret = KRB5KRB_AP_ERR_BADORDER; goto failure; } + auth_context->remote_seqnumber++; } ret = verify_checksum (context, auth_context, &safe); |
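Review bot: The call that ends at `&len);` just above the new check in verify_checksum still has no visible error handling, and if its result is stored in `ret` (the start of the call is outside the hunk) the new `ret = krb5_crypto_init(...)` assignment overwrites it unread. A failed encode would then go on to krb5_verify_checksum with `len` possibly unset, so the same guard, `if (ret) goto out;`, belongs directly after that call as well. The `out:` label is also outside the hunk; it should be confirmed that it sits after any krb5_crypto_destroy call, since `crypto` is not initialised on this new early exit.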
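Review bot: `auth_context->remote_seqnumber++` in krb5_rd_safe runs before the `ret = verify_checksum (...)` call on the last line of the hunk, so the receive counter advances for a message whose checksum has not yet been verified. A KRB-SAFE message that carries the expected number but fails verification would still consume it, and the next genuine message would then be rejected with KRB5KRB_AP_ERR_BADORDER. The increment should happen only once verification has succeeded, for example `if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) auth_context->remote_seqnumber++;` placed after the checksum result is checked. The new comment would also be worth extending to say that an absent sequence number is accepted only while the expected value is 0. The handling of `ret` after verify_checksum is outside the hunk.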