svn commit: samba r17173 - in
branches/SAMBA_4_0/source/auth/gensec: .
abartlet at samba.org
abartlet at samba.org
Fri Jul 21 02:05:45 GMT 2006
Author: abartlet
Date: 2006-07-21 02:05:45 +0000 (Fri, 21 Jul 2006)
New Revision: 17173
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17173
Log:
Check for oversize output, not oversize input, and fix the GSSAPI mech
to work (it broke it in the previous commit).
Andrew Bartlett
Modified:
branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c
Changeset:
Modified: branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c
===================================================================
--- branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c 2006-07-21 01:58:17 UTC (rev 17172)
+++ branches/SAMBA_4_0/source/auth/gensec/gensec_gssapi.c 2006-07-21 02:05:45 UTC (rev 17173)
@@ -741,16 +741,6 @@
input_token.length = in->length;
input_token.value = in->data;
- if (gensec_gssapi_state->sasl) {
- size_t max_input_size = gensec_gssapi_max_input_size(gensec_security);
- if (max_input_size < in->length) {
- DEBUG(1, ("gensec_gssapi_wrap: INPUT data (%u) is larger than SASL negotiated maximum size (%u)\n",
- in->length,
- (unsigned int)max_input_size));
- }
- return NT_STATUS_INVALID_PARAMETER;
- }
-
maj_stat = gss_wrap(&min_stat,
gensec_gssapi_state->gssapi_context,
gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL),
@@ -767,6 +757,17 @@
*out = data_blob_talloc(mem_ctx, output_token.value, output_token.length);
gss_release_buffer(&min_stat, &output_token);
+ if (gensec_gssapi_state->sasl) {
+ size_t max_wrapped_size = gensec_gssapi_max_wrapped_size(gensec_security);
+ if (max_wrapped_size < out->length) {
+ DEBUG(1, ("gensec_gssapi_wrap: when wrapped, INPUT data (%u) is grew to be larger than SASL negotiated maximum output size (%u > %u)\n",
+ in->length,
+ out->length,
+ (unsigned int)max_wrapped_size));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+
if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)
&& !conf_state) {
return NT_STATUS_ACCESS_DENIED;
More information about the samba-cvs
mailing list