1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
Index: kdc/kdc_util.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/kdc/kdc_util.c,v
retrieving revision 5.96.2.2.2.3
diff -p -u -r5.96.2.2.2.3 kdc_util.c
--- kdc/kdc_util.c 2002/10/31 00:38:34 5.96.2.2.2.3
+++ kdc/kdc_util.c 2003/03/19 00:39:00
@@ -157,7 +157,8 @@ realm_compare(princ1, princ2)
krb5_boolean krb5_is_tgs_principal(principal)
krb5_principal principal;
{
- if ((krb5_princ_component(kdc_context, principal, 0)->length ==
+ if (krb5_princ_size(kdc_context, principal) > 0 &&
+ (krb5_princ_component(kdc_context, principal, 0)->length ==
KRB5_TGS_NAME_SIZE) &&
(!memcmp(krb5_princ_component(kdc_context, principal, 0)->data,
KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE)))
@@ -1195,7 +1196,8 @@
return KRB_AP_ERR_NOT_US;
}
/* ...and that the second component matches the server realm... */
- if ((krb5_princ_component(kdc_context, ticket->server, 1)->length !=
+ if ((krb5_princ_size(kdc_context, ticket->server) <= 1) ||
+ (krb5_princ_component(kdc_context, ticket->server, 1)->length !=
krb5_princ_realm(kdc_context, request->server)->length) ||
memcmp(krb5_princ_component(kdc_context, ticket->server, 1)->data,
krb5_princ_realm(kdc_context, request->server)->data,
|