svn rev #23577: trunk/src/lib/krb5/krb/
ghudson@MIT.EDU
ghudson at MIT.EDU
Mon Jan 4 12:00:23 EST 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=23577
Commit By: ghudson
Log Message:
Don't accept AS replies encrypted in enctypes other than the ones we
asked for.
Changed Files:
U trunk/src/lib/krb5/krb/get_in_tkt.c
Modified: trunk/src/lib/krb5/krb/get_in_tkt.c
===================================================================
--- trunk/src/lib/krb5/krb/get_in_tkt.c 2010-01-04 06:22:41 UTC (rev 23576)
+++ trunk/src/lib/krb5/krb/get_in_tkt.c 2010-01-04 17:00:23 UTC (rev 23577)
@@ -1730,7 +1730,20 @@
return 0;
}
+/* Ensure that the reply enctype was among the requested enctypes. */
static krb5_error_code
+check_reply_enctype(krb5_init_creds_context ctx)
+{
+ int i;
+
+ for (i = 0; i < ctx->request->nktypes; i++) {
+ if (ctx->request->ktype[i] == ctx->reply->enc_part.enctype)
+ return 0;
+ }
+ return KRB5_CONFIG_ETYPE_NOSUPP;
+}
+
+static krb5_error_code
init_creds_step_reply(krb5_context context,
krb5_init_creds_context ctx,
krb5_data *in)
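Review bot: The comment above check_reply_enctype says what is compared but not what the function returns or why the check exists, and those are what a later maintainer needs before touching it. I would expand it to something like `/* Return 0 if the AS reply's enc_part enctype is one of ctx->request->ktype[], else KRB5_CONFIG_ETYPE_NOSUPP. An empty request list rejects every reply. */`. One more sentence should say that a reply in an enctype the client never offered is treated as likely forged, as the call-site comment in the second hunk already states. The helper assumes both ctx->request and ctx->reply are non-NULL; only the latter is asserted at the call site shown, so the precondition is worth stating in the comment as well.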
@@ -1820,6 +1833,11 @@
/* We have a response. Process it. */
assert(ctx->reply != NULL);
+ /* Check for replies (likely forged) with unasked-for enctypes. */
+ code = check_reply_enctype(ctx);
+ if (code != 0)
+ goto cleanup;
+
/* process any preauth data in the as_reply */
krb5_clear_preauth_context_use_counts(context);
code = krb5int_fast_process_response(context, ctx->fast_state,
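Review bot: The rejection at `if (code != 0) goto cleanup;` hands the caller a bare KRB5_CONFIG_ETYPE_NOSUPP, which reads as a local configuration problem rather than a reply refused as likely forged. Since `context` is in scope here, I would record the reason before the jump, e.g. `krb5_set_error_message(context, code, "AS reply enctype %d was not among the requested enctypes", (int)ctx->reply->enc_part.enctype);`, with braces added around the two statements. That lets application logs separate this case from a genuine enctype misconfiguration. Whether the cleanup path keeps the message intact is not visible in the hunk, and init_creds_step_reply begins and ends outside it.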