author | Andrew Bartlett <abartlet@samba.org> | 2006-07-21 02:05:45 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:10:16 -0500 |
commit | b718193b6bbf67b7677b07c0eb41364672bc69a7 (patch) | |
tree | ef7e6e98d9ae11c9f7039641d8c7ca6e04ef81ea /source4/auth/gensec | |
parent | 048d0c64f9505ad236b9bf138d10ee3e2bb08cec (diff) | |
r17173: Check for oversize output, not oversize input, and fix the GSSAPI mech
to work (it broke it in the previous commit).
Andrew Bartlett
(This used to be commit e96638bc74f0752ce8af6626a04c92d48b917ffe)
Diffstat (limited to 'source4/auth/gensec')
-rw-r--r-- | source4/auth/gensec/gensec_gssapi.c | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index e8597dc73b..2ff52311c3 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -741,16 +741,6 @@ static NTSTATUS gensec_gssapi_wrap(struct gensec_security *gensec_security,
 input_token.length = in->length;
 input_token.value = in->data;
 
- if (gensec_gssapi_state->sasl) {
- size_t max_input_size = gensec_gssapi_max_input_size(gensec_security);
- if (max_input_size < in->length) {
- DEBUG(1, ("gensec_gssapi_wrap: INPUT data (%u) is larger than SASL negotiated maximum size (%u)\n",
- in->length,
- (unsigned int)max_input_size));
- }
- return NT_STATUS_INVALID_PARAMETER;
- }
-
 maj_stat = gss_wrap(&min_stat,
 gensec_gssapi_state->gssapi_context,
 gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL),
@@ -757,6 +767,17 @@ static NTSTATUS gensec_gssapi_wrap(struct gensec_security *gensec_security,
 *out = data_blob_talloc(mem_ctx, output_token.value, output_token.length);
 gss_release_buffer(&min_stat, &output_token);
 
+ if (gensec_gssapi_state->sasl) {
+ size_t max_wrapped_size = gensec_gssapi_max_wrapped_size(gensec_security);
+ if (max_wrapped_size < out->length) {
+ DEBUG(1, ("gensec_gssapi_wrap: when wrapped, INPUT data (%u) is grew to be larger than SASL negotiated maximum output size (%u > %u)\n",
+ in->length,
+ out->length,
+ (unsigned int)max_wrapped_size));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+
 if (gensec_have_feature(gensec_security, GENSEC_FEATURE_SEAL)
 && !conf_state) {
 return NT_STATUS_ACCESS_DENIED; |
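Review bot: On the new oversize path in the second hunk, the function returns NT_STATUS_INVALID_PARAMETER after `*out` has already been filled by data_blob_talloc(), so a caller that does not check the status still holds a wrapped blob larger than the negotiated SASL maximum. Releasing it first, with `data_blob_free(out);` just before the `return`, would make the failure unambiguous; the NT_STATUS_ACCESS_DENIED return in the context lines below leaves `*out` set in the same way. The DEBUG call also passes `in->length` and `out->length` to `%u` without the `(unsigned int)` cast given to `max_wrapped_size`; if those fields are size_t, as that cast suggests, the arguments should be `(unsigned int)in->length, (unsigned int)out->length`. The log text `is grew to be larger` would read better as `grew larger`. gensec_gssapi_wrap starts and ends outside the hunk.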