|
 |
2fc102 |
From 103f7efda7b84e7c791af2ebc2255e61e826fd75 Mon Sep 17 00:00:00 2001
|
|
|
2fc102 |
From: Alexander Bokovoy <ab@samba.org>
|
|
|
2fc102 |
Date: Tue, 24 Dec 2013 13:01:46 +0200
|
|
|
2fc102 |
Subject: [PATCH 48/48] FAST: when parsing krb5_child response, make sure to
|
|
|
2fc102 |
not miss OTP message if it was last one
|
|
|
2fc102 |
|
|
|
2fc102 |
The last message in the stream might be with empty payload which means we get
|
|
|
2fc102 |
only message type and message length (0) returned, i.e. 8 bytes left remaining
|
|
|
2fc102 |
in the stream after processing preceding message. This makes our calculation at
|
|
|
2fc102 |
the end of a message processing loop incorrect -- p+2*sizeof(int32_t) can be
|
|
|
2fc102 |
equal to len, after all.
|
|
|
2fc102 |
|
|
|
2fc102 |
Fixes FAST processing for FreeIPA native OTP case:
|
|
|
2fc102 |
https://fedorahosted.org/sssd/ticket/2186
|
|
|
2fc102 |
---
|
|
|
2fc102 |
src/providers/krb5/krb5_child_handler.c | 7 ++++---
|
|
|
2fc102 |
1 file changed, 4 insertions(+), 3 deletions(-)
|
|
|
2fc102 |
|
|
|
2fc102 |
diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c
|
|
|
2fc102 |
index 92dec0d2afb1627b61c3dd1037e91546a7ee08d6..d6c1dc1f9707444a82e433a375839cadf73f1259 100644
|
|
|
2fc102 |
--- a/src/providers/krb5/krb5_child_handler.c
|
|
|
2fc102 |
+++ b/src/providers/krb5/krb5_child_handler.c
|
|
|
2fc102 |
@@ -548,8 +548,9 @@ parse_krb5_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf, ssize_t len,
|
|
|
2fc102 |
* CCACHE_ENV_NAME"=". pref_len also counts the trailing '=' because
|
|
|
2fc102 |
* sizeof() counts the trailing '\0' of a string. */
|
|
|
2fc102 |
pref_len = sizeof(CCACHE_ENV_NAME);
|
|
|
2fc102 |
- if (msg_len > pref_len &&
|
|
|
2fc102 |
- strncmp((const char *) &buf[p], CCACHE_ENV_NAME"=", pref_len) == 0) {
|
|
|
2fc102 |
+ if ((msg_type == SSS_PAM_ENV_ITEM) &&
|
|
|
2fc102 |
+ (msg_len > pref_len) &&
|
|
|
2fc102 |
+ (strncmp((const char *) &buf[p], CCACHE_ENV_NAME"=", pref_len) == 0)) {
|
|
|
2fc102 |
ccname = (char *) &buf[p+pref_len];
|
|
|
2fc102 |
ccname_len = msg_len-pref_len;
|
|
|
2fc102 |
}
|
|
|
2fc102 |
@@ -600,7 +601,7 @@ parse_krb5_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf, ssize_t len,
|
|
|
2fc102 |
|
|
|
2fc102 |
p += msg_len;
|
|
|
2fc102 |
|
|
|
2fc102 |
- if ((p < len) && (p + 2*sizeof(int32_t) >= len)) {
|
|
|
2fc102 |
+ if ((p < len) && (p + 2*sizeof(int32_t) > len)) {
|
|
|
2fc102 |
DEBUG(SSSDBG_CRIT_FAILURE,
|
|
|
2fc102 |
("The remainder of the message is too short.\n"));
|
|
|
2fc102 |
return EINVAL;
|
|
|
2fc102 |
--
|
|
|
2fc102 |
1.8.4.2
|
|
|
2fc102 |
|