From 103f7efda7b84e7c791af2ebc2255e61e826fd75 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy
Date: Tue, 24 Dec 2013 13:01:46 +0200
Subject: [PATCH 48/48] FAST: when parsing krb5_child response, make sure to not miss OTP message if it was last one
The last message in the stream might be with empty payload which means we get only message type and message length (0) returned, i.e. 8 bytes left remaining in the stream after processing preceding message. This makes our calculation at the end of a message processing loop incorrect -- p+2*sizeof(int32_t) can be equal to len, after all. Fixes FAST processing for FreeIPA native OTP case: https://fedorahosted.org/sssd/ticket/2186
---
 src/providers/krb5/krb5_child_handler.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c
index 92dec0d2afb1627b61c3dd1037e91546a7ee08d6..d6c1dc1f9707444a82e433a375839cadf73f1259 100644
--- a/src/providers/krb5/krb5_child_handler.c
+++ b/src/providers/krb5/krb5_child_handler.c
@@ -548,8 +548,9 @@ parse_krb5_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf, ssize_t len,
 * CCACHE_ENV_NAME"=". pref_len also counts the trailing '=' because
 * sizeof() counts the trailing '\0' of a string. */
 pref_len = sizeof(CCACHE_ENV_NAME);
- if (msg_len > pref_len &&
- strncmp((const char *) &buf[p], CCACHE_ENV_NAME"=", pref_len) == 0) {
+ if ((msg_type == SSS_PAM_ENV_ITEM) &&
+ (msg_len > pref_len) &&
+ (strncmp((const char *) &buf[p], CCACHE_ENV_NAME"=", pref_len) == 0)) {
 ccname = (char *) &buf[p+pref_len];
 ccname_len = msg_len-pref_len;
 }
@@ -600,7 +601,7 @@ parse_krb5_child_response(TALLOC_CTX *mem_ctx, uint8_t *buf, ssize_t len,
 p += msg_len;
- if ((p < len) && (p + 2*sizeof(int32_t) >= len)) {
+ if ((p < len) && (p + 2*sizeof(int32_t) > len)) {
 DEBUG(SSSDBG_CRIT_FAILURE, ("The remainder of the message is too short.\n"));
 return EINVAL;
--
1.8.4.2
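Review bot: The new `msg_type == SSS_PAM_ENV_ITEM` test in the ccache-name condition of the first hunk is not documented: the comment above it still covers only the `pref_len` arithmetic, and the commit description does not mention the change. A one-line comment such as `/* Only an env item may carry the ccache name; do not match the prefix in payloads of other message types. */` would record why the type is checked before the payload is compared (that reason is inferred from the condition, so confirm it). The `strncmp` reads up to `pref_len` bytes at `&buf[p]`, which stays inside the buffer only if `msg_len` was already checked against `len` earlier in the loop; that check is outside this hunk and should be confirmed. The function begins and ends outside the hunk.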
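Review bot: The boundary test after `p += msg_len` in the second hunk compares `ssize_t len` with a sum that includes the `size_t` value `2*sizeof(int32_t)`, so `len` is converted to unsigned and the addition on the left can in principle wrap; the declaration of `p` is outside the hunk, so its type should be confirmed. Expressing the check as bytes remaining avoids both problems and makes the fixed off-by-one easier to read: `if ((p < len) && ((size_t)(len - p) < 2*sizeof(int32_t))) {`. Because a trailing message with a zero-length payload is now accepted, the per-type handling earlier in the loop has to tolerate `msg_len == 0` without reading `buf[p]`; that code is not visible here. A test that feeds a response whose last message has an empty payload would pin the corrected boundary.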