|
 |
dbec422 |
diff --git a/src/kdc/do_as_req.c b/src/kdc/do_as_req.c
|
|
|
dbec422 |
index 52fbda5..680e6a1 100644
|
|
|
dbec422 |
--- a/src/kdc/do_as_req.c
|
|
|
dbec422 |
+++ b/src/kdc/do_as_req.c
|
|
|
dbec422 |
@@ -137,6 +137,11 @@ process_as_req(krb5_kdc_req *request, krb5_data *req_pkt,
|
|
|
dbec422 |
session_key.contents = 0;
|
|
|
dbec422 |
enc_tkt_reply.authorization_data = NULL;
|
|
|
dbec422 |
|
|
|
dbec422 |
+ if (request->msg_type != KRB5_AS_REQ) {
|
|
|
dbec422 |
+ status = "msg_type mismatch";
|
|
|
dbec422 |
+ errcode = KRB5_BADMSGTYPE;
|
|
|
dbec422 |
+ goto errout;
|
|
|
dbec422 |
+ }
|
|
|
dbec422 |
errcode = kdc_make_rstate(&state);
|
|
|
dbec422 |
if (errcode != 0) {
|
|
|
dbec422 |
status = "constructing state";
|
|
|
dbec422 |
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
|
|
|
dbec422 |
index 12180ff..c8cf692 100644
|
|
|
dbec422 |
--- a/src/kdc/do_tgs_req.c
|
|
|
dbec422 |
+++ b/src/kdc/do_tgs_req.c
|
|
|
dbec422 |
@@ -135,6 +135,8 @@ process_tgs_req(krb5_data *pkt, const krb5_fulladdr *from,
|
|
|
dbec422 |
retval = decode_krb5_tgs_req(pkt, &request);
|
|
|
dbec422 |
if (retval)
|
|
|
dbec422 |
return retval;
|
|
|
dbec422 |
+ if (request->msg_type != KRB5_TGS_REQ)
|
|
|
dbec422 |
+ return KRB5_BADMSGTYPE;
|
|
|
dbec422 |
|
|
|
dbec422 |
/*
|
|
|
dbec422 |
* setup_server_realm() sets up the global realm-specific data pointer.
|
|
|
dbec422 |
diff --git a/src/kdc/fast_util.c b/src/kdc/fast_util.c
|
|
|
dbec422 |
index d88e0cb..2639047 100644
|
|
|
dbec422 |
--- a/src/kdc/fast_util.c
|
|
|
dbec422 |
+++ b/src/kdc/fast_util.c
|
|
|
dbec422 |
@@ -384,7 +384,7 @@ krb5_error_code kdc_fast_handle_error
|
|
|
dbec422 |
krb5_data *encoded_e_data = NULL;
|
|
|
dbec422 |
|
|
|
dbec422 |
memset(outer_pa, 0, sizeof(outer_pa));
|
|
|
dbec422 |
- if (!state->armor_key)
|
|
|
dbec422 |
+ if (!state || !state->armor_key)
|
|
|
dbec422 |
return 0;
|
|
|
dbec422 |
fx_error = *err;
|
|
|
dbec422 |
fx_error.e_data.data = NULL;
|