librpc/idl: Check protocol version number in Kerberos ccache parser

The ccache file format version is checked by the switch in OPTIONAL_HEADER.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>

diff --git a/librpc/idl/krb5ccache.idl b/librpc/idl/krb5ccache.idl
index ee496f015f4d551abe028b4d53f8d1307434f3e1..f85931cca69e3dc81a97b8b04f60118b15c42347 100644 (file)
--- a/librpc/idl/krb5ccache.idl
+++ b/librpc/idl/krb5ccache.idl
@@ -103,7 +103,7 @@ interface krb5ccache
        /* Public structures. */
 
        typedef [flag(NDR_NOALIGN|NDR_BIG_ENDIAN|NDR_PAHEX),public] struct {
-               [value(5)] uint8 pvno;
+               [value(5),range(5,5)] uint8 pvno;
                [value(4)] uint8 version;
                [switch_is(version)] OPTIONAL_HEADER optional_header;
                PRINCIPAL principal;
@@ -142,8 +142,8 @@ interface krb5ccache
         * to indicate holes generated by MIT krb5 1.14
         */
        typedef [flag(NDR_NOALIGN|NDR_BIG_ENDIAN|NDR_PAHEX),public] struct {
-               [value(5)] uint8 pvno;
-               [value(2)] uint8 version;
+               [value(5),range(5,5)] uint8 pvno;
+               [value(2),range(2,2)] uint8 version;
                [subcontext(4)] KEYTAB_ENTRY entry;
                [flag(NDR_REMAINING)] DATA_BLOB further_entry;
        } KEYTAB;