hdb-ldb: check the SUPPLEMENTAL_CREDENTIALS_SIGNATURE

author Stefan Metzmacher <metze@samba.org>

Wed, 23 Jul 2008 11:41:51 +0000 (13:41 +0200)

committer Stefan Metzmacher <metze@samba.org>

Wed, 23 Jul 2008 12:46:08 +0000 (14:46 +0200)
author Stefan Metzmacher <metze@samba.org>
Wed, 23 Jul 2008 11:41:51 +0000 (13:41 +0200)
committer Stefan Metzmacher <metze@samba.org>
Wed, 23 Jul 2008 12:46:08 +0000 (14:46 +0200)
diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c

index 656849334a3b50b2f02c9c89071c948806a1243c..4b47dbf25933ee916fb0d1daa7b7eedde151ee33 100644 (file)
--- a/source4/kdc/hdb-ldb.c
+++ b/source4/kdc/hdb-ldb.c
@@ -221,6 +221,12 @@ static krb5_error_code LDB_message2entry_keys(krb5_context context,
                         goto out;
                 }
  
+               if (scb.sub.signature != SUPPLEMENTAL_CREDENTIALS_SIGNATURE) {
+                       NDR_PRINT_DEBUG(supplementalCredentialsBlob, &scb);
+                       ret = EINVAL;
+                       goto out;
+               }
+
                 for (i=0; i < scb.sub.num_packages; i++) {
                         if (scb.sub.packages[i].unknown1 != 0x00000001) {
                                 continue;
author	Stefan Metzmacher <metze@samba.org>
	Wed, 23 Jul 2008 11:41:51 +0000 (13:41 +0200)
committer	Stefan Metzmacher <metze@samba.org>
	Wed, 23 Jul 2008 12:46:08 +0000 (14:46 +0200)