STABLE12-kaanswertoolong-20040420

when determining whether or not the ticket len is too long for the
receiver to accept we want to compare against the actual ticket length
and not MAXKTCTICKETLEN which is what is used when sizeof(ktc_ticketAnswer)
is used for comparison.

(cherry picked from commit 37d106e228998d58cfe3427ba9bdae66e464c042)

diff --git a/src/kauth/kaprocs.c b/src/kauth/kaprocs.c
index b20d5a9944f317fab187309112f4bcfb5c9dcf74..0c2c1b7efcef67d95fda9457f09f74ac4ad7450c 100644 (file)
--- a/src/kauth/kaprocs.c
+++ b/src/kauth/kaprocs.c
@@ -928,7 +928,8 @@ PrepareTicketAnswer
     afs_int32 cksum;
 
     code = KAANSWERTOOLONG;
-    if (oanswer->MaxSeqLen < sizeof(struct ka_ticketAnswer) - 5*MAXKTCNAMELEN)
+    if (oanswer->MaxSeqLen <
+       sizeof(struct ka_ticketAnswer) - 5 * MAXKTCNAMELEN - MAXKTCTICKETLEN + ticketLen)
        return code;
 
     answer = (struct ka_ticketAnswer *)oanswer->SeqBody;
@@ -1762,8 +1763,9 @@ static afs_int32 GetTicket (version, call, kvno, authDomain, aticket,
     switch (version) {
       case 0:
        code = KAANSWERTOOLONG;
-       if (oanswer->MaxSeqLen <
-           sizeof(struct ka_getTicketAnswer) - 5*MAXKTCNAMELEN) goto abort;
+        if (oanswer->MaxSeqLen < sizeof(struct ka_getTicketAnswer) - 5 
+           * MAXKTCNAMELEN - MAXKTCTICKETLEN + ticketLen)
+           goto abort;
        
        answer = (struct ka_getTicketAnswer *)oanswer->SeqBody;
        memcpy(&answer->sessionKey, &sessionKey, sizeof(struct ktc_encryptionKey));