krb5 commit: Get rid of G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE

Greg Hudson ghudson at MIT.EDU
Sun Sep 8 14:19:00 EDT 2013 

https://github.com/krb5/krb5/commit/daf42938a262c3a88164b07972f2a2e6e8552620
commit daf42938a262c3a88164b07972f2a2e6e8552620
Author: Greg Hudson <ghudson at mit.edu>
Date:   Sun Sep 8 14:10:37 2013 -0400

    Get rid of G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE
    
    This flag was introduced in the mskrb-integ merge but is not actually
    used after r21742--while kg_unseal_iov_token sets it in vfyflags for
    DCE-style contexts, it doesn't actually pass vfyflags to
    g_verify_token_header or otherwise use it.  Moreover, the flag is not
    necessary there; we correctly set input_length to the header length
    (without data, padding, or trailer) for v1 tokens in a DCE-style
    context.

 src/lib/gssapi/generic/gssapiP_generic.h |    1 -
 src/lib/gssapi/generic/util_token.c      |    3 +--
 src/lib/gssapi/krb5/k5unsealiov.c        |    4 ----
 3 files changed, 1 insertions(+), 7 deletions(-)

diff --git a/src/lib/gssapi/generic/gssapiP_generic.h b/src/lib/gssapi/generic/gssapiP_generic.h
index ebc9096..706805d 100644
--- a/src/lib/gssapi/generic/gssapiP_generic.h
+++ b/src/lib/gssapi/generic/gssapiP_generic.h
@@ -157,7 +157,6 @@ void g_make_token_header (const gss_OID_desc * mech, unsigned int body_size,
 
 /* flags for g_verify_token_header() */
 #define G_VFY_TOKEN_HDR_WRAPPER_REQUIRED        0x01
-#define G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE         0x02
 
 gss_int32 g_verify_token_header (const gss_OID_desc * mech,
                                  unsigned int *body_size,
diff --git a/src/lib/gssapi/generic/util_token.c b/src/lib/gssapi/generic/util_token.c
index 0c4c90c..6e339f4 100644
--- a/src/lib/gssapi/generic/util_token.c
+++ b/src/lib/gssapi/generic/util_token.c
@@ -194,8 +194,7 @@ g_verify_token_header(
     if ((seqsize = der_read_length(&buf, &toksize)) < 0)
         return(G_BAD_TOK_HEADER);
 
-    if ((flags & G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE) == 0 &&
-        seqsize != toksize)
+    if (seqsize != toksize)
         return(G_BAD_TOK_HEADER);
 
     if ((toksize-=1) < 0)
diff --git a/src/lib/gssapi/krb5/k5unsealiov.c b/src/lib/gssapi/krb5/k5unsealiov.c
index 87fe34f..f80f4d0 100644
--- a/src/lib/gssapi/krb5/k5unsealiov.c
+++ b/src/lib/gssapi/krb5/k5unsealiov.c
@@ -315,7 +315,6 @@ kg_unseal_iov_token(OM_uint32 *minor_status,
     size_t input_length;
     unsigned int bodysize;
     int toktype2;
-    int vfyflags = 0;
 
     header = kg_locate_iov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
     if (header == NULL) {
@@ -343,9 +342,6 @@ kg_unseal_iov_token(OM_uint32 *minor_status,
             input_length += trailer->buffer.length;
     }
 
-    if (ctx->gss_flags & GSS_C_DCE_STYLE)
-        vfyflags |= G_VFY_TOKEN_HDR_IGNORE_SEQ_SIZE;
-
     code = g_verify_token_header(ctx->mech_used,
                                  &bodysize, &ptr, -1,
                                  input_length, 0);

More information about the cvs-krb5 mailing list