42 lines
1.3 KiB
Plaintext
42 lines
1.3 KiB
Plaintext
--- src/lib/kadm5/srv/svr_policy.c
|
|
+++ src/lib/kadm5/srv/svr_policy.c 2007/08/24 14:32:34
|
|
@@ -211,8 +211,9 @@
|
|
if((mask & KADM5_POLICY))
|
|
return KADM5_BAD_MASK;
|
|
|
|
- ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt);
|
|
- if( ret && (cnt==0) )
|
|
+ if ((ret = krb5_db_get_policy(handle->context, entry->policy, &p, &cnt)))
|
|
+ return ret;
|
|
+ if (cnt != 1)
|
|
return KADM5_UNK_POLICY;
|
|
|
|
if ((mask & KADM5_PW_MAX_LIFE))
|
|
|
|
--- src/lib/rpc/svc_auth_gss.c
|
|
+++ src/lib/rpc/svc_auth_gss.c 2007/09/06 08:32:37
|
|
@@ -355,6 +355,15 @@
|
|
memset(rpchdr, 0, sizeof(rpchdr));
|
|
|
|
/* XXX - Reconstruct RPC header for signing (from xdr_callmsg). */
|
|
+ oa = &msg->rm_call.cb_cred;
|
|
+ if (oa->oa_length > MAX_AUTH_BYTES)
|
|
+ return (FALSE);
|
|
+
|
|
+ /* 8 XDR units from the IXDR macro calls. */
|
|
+ if (sizeof(rpchdr) < (8 * BYTES_PER_XDR_UNIT +
|
|
+ RNDUP(oa->oa_length)))
|
|
+ return (FALSE);
|
|
+
|
|
buf = (int32_t *)(void *)rpchdr;
|
|
IXDR_PUT_LONG(buf, msg->rm_xid);
|
|
IXDR_PUT_ENUM(buf, msg->rm_direction);
|
|
@@ -362,7 +371,6 @@
|
|
IXDR_PUT_LONG(buf, msg->rm_call.cb_prog);
|
|
IXDR_PUT_LONG(buf, msg->rm_call.cb_vers);
|
|
IXDR_PUT_LONG(buf, msg->rm_call.cb_proc);
|
|
- oa = &msg->rm_call.cb_cred;
|
|
IXDR_PUT_ENUM(buf, oa->oa_flavor);
|
|
IXDR_PUT_LONG(buf, oa->oa_length);
|
|
if (oa->oa_length) {
|