gsskrb5: make the check for dcestyle and conf_req_flag == 0 more explicit

author Stefan Metzmacher <metze@samba.org>

Thu, 20 Aug 2009 11:02:28 +0000 (13:02 +0200)

committer Love Hornquist Astrand <lha@h5l.org>

Wed, 26 Aug 2009 06:34:38 +0000 (23:34 -0700)
author Stefan Metzmacher <metze@samba.org>
Thu, 20 Aug 2009 11:02:28 +0000 (13:02 +0200)
committer Love Hornquist Astrand <lha@h5l.org>
Wed, 26 Aug 2009 06:34:38 +0000 (23:34 -0700)
diff --git a/lib/gssapi/krb5/cfx.c b/lib/gssapi/krb5/cfx.c

index 4a92d75901f8a7140a7662e0633e9e2f435f777f..bf4dfd7934e14b97dd3a1c186e4b289abaa63275 100755 (executable)
--- a/lib/gssapi/krb5/cfx.c
+++ b/lib/gssapi/krb5/cfx.c
@@ -365,6 +365,11 @@ _gssapi_wrap_cfx_iov(OM_uint32 *minor_status,
         gsshsize = sizeof(gss_cfx_wrap_token_desc) + k5hsize;
         gsstsize = sizeof(gss_cfx_wrap_token_desc) + ec + k5tsize;
      } else {
+       if (IS_DCE_STYLE(ctx)) {
+           *minor_status = EINVAL;
+           return GSS_S_FAILURE;
+       }
+
         k5hsize = 0;
         *minor_status = krb5_crypto_length(context, ctx->crypto,
                                            KRB5_CRYPTO_TYPE_CHECKSUM,
@@ -381,12 +386,6 @@ _gssapi_wrap_cfx_iov(OM_uint32 *minor_status,
       */
  
      if (trailer == NULL) {
-       /* conf_req_flag=0 doesn't support DCE_STYLE */
-       if (conf_req_flag == 0) {
-           *minor_status = EINVAL;
-           major_status = GSS_S_FAILURE;
-           goto failure;
-       }           
         rrc = gsstsize;
         if (IS_DCE_STYLE(ctx))
             rrc -= ec;
author	Stefan Metzmacher <metze@samba.org>
	Thu, 20 Aug 2009 11:02:28 +0000 (13:02 +0200)
committer	Love Hornquist Astrand <lha@h5l.org>
	Wed, 26 Aug 2009 06:34:38 +0000 (23:34 -0700)