gss_krb5: create a define for token header size and clean up ptr location

cleanup: Document token header size with a #define instead of open-coding it. Don't needlessly increment "ptr" past the beginning of the header which makes the values passed to functions more understandable and eliminates the need for extra "krb5_hdr" pointer. Clean up some intersecting white-space issues flagged by checkpatch.pl. This leaves the checksum length hard-coded at 8 for DES. A later patch cleans that up. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
author: Kevin Coffman <kwc@citi.umich.edu> 2008-04-30 12:45:53 -0400
committer: J. Bruce Fields <bfields@citi.umich.edu> 2008-06-23 13:47:25 -0400
commit: d00953a53e9a2edbe005c1e596f1e96a8a293401 (patch)
tree: 3e476deb8cfd5e97a48a725bb21af28dfdea879d /net/sunrpc/auth_gss/gss_krb5_unseal.c
parent: 8837abcab3d16608bd2c7fac051a839d48f2f30c (diff)
1 files changed, 8 insertions, 8 deletions
diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c
index d91a5d004803..066ec73c84d6 100644
--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -92,30 +92,30 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
                                        read_token->len))
                return GSS_S_DEFECTIVE_TOKEN;
-        if ((*ptr++ != ((KG_TOK_MIC_MSG>>8)&0xff)) ||
+        if ((ptr[0] != ((KG_TOK_MIC_MSG >> 8) & 0xff)) ||
-            (*ptr++ != ( KG_TOK_MIC_MSG    &0xff))   )
+            (ptr[1] !=  (KG_TOK_MIC_MSG & 0xff)))
                return GSS_S_DEFECTIVE_TOKEN;
        /* XXX sanity-check bodysize?? */
-        signalg = ptr[0] + (ptr[1] << 8);
+        signalg = ptr[2] + (ptr[3] << 8);
        if (signalg != SGN_ALG_DES_MAC_MD5)
                return GSS_S_DEFECTIVE_TOKEN;
-        sealalg = ptr[2] + (ptr[3] << 8);
+        sealalg = ptr[4] + (ptr[5] << 8);
        if (sealalg != SEAL_ALG_NONE)
                return GSS_S_DEFECTIVE_TOKEN;
-        if ((ptr[4] != 0xff) || (ptr[5] != 0xff))
+        if ((ptr[6] != 0xff) || (ptr[7] != 0xff))
                return GSS_S_DEFECTIVE_TOKEN;
-        if (make_checksum("md5", ptr - 2, 8, message_buffer, 0, &md5cksum))
+        if (make_checksum("md5", ptr, 8, message_buffer, 0, &md5cksum))
                return GSS_S_FAILURE;
        if (krb5_encrypt(ctx->seq, NULL, md5cksum.data, md5cksum.data, 16))
                return GSS_S_FAILURE;
-        if (memcmp(md5cksum.data + 8, ptr + 14, 8))
+        if (memcmp(md5cksum.data + 8, ptr + GSS_KRB5_TOK_HDR_LEN, 8))
                return GSS_S_BAD_SIG;
        /* it got through unscathed.  Make sure the context is unexpired */
@@ -127,7 +127,7 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
        /* do sequencing checks */
-        if (krb5_get_seq_num(ctx->seq, ptr + 14, ptr + 6, &direction, &seqnum))
+        if (krb5_get_seq_num(ctx->seq, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8, &direction, &seqnum))
                return GSS_S_FAILURE;
        if ((ctx->initiate && direction != 0xff) ||
author	Kevin Coffman <kwc@citi.umich.edu>	2008-04-30 12:45:53 -0400
committer	J. Bruce Fields <bfields@citi.umich.edu>	2008-06-23 13:47:25 -0400
commit	d00953a53e9a2edbe005c1e596f1e96a8a293401 (patch)
tree	3e476deb8cfd5e97a48a725bb21af28dfdea879d /net/sunrpc/auth_gss/gss_krb5_unseal.c
parent	8837abcab3d16608bd2c7fac051a839d48f2f30c (diff)

diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c index d91a5d004803..066ec73c84d6 100644 --- a/net/sunrpc/auth_gss/gss_krb5_unseal.c +++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -92,30 +92,30 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
92	read_token->len))	92	read_token->len))
93	return GSS_S_DEFECTIVE_TOKEN;	93	return GSS_S_DEFECTIVE_TOKEN;
94		94
95	if ((*ptr++ != ((KG_TOK_MIC_MSG>>8)&0xff)) \|\|	95	if ((ptr[0] != ((KG_TOK_MIC_MSG >> 8) & 0xff)) \|\|
96	(*ptr++ != ( KG_TOK_MIC_MSG &0xff)) )	96	(ptr[1] != (KG_TOK_MIC_MSG & 0xff)))
97	return GSS_S_DEFECTIVE_TOKEN;	97	return GSS_S_DEFECTIVE_TOKEN;
98		98
99	/* XXX sanity-check bodysize?? */	99	/* XXX sanity-check bodysize?? */
100		100
101	signalg = ptr[0] + (ptr[1] << 8);	101	signalg = ptr[2] + (ptr[3] << 8);
102	if (signalg != SGN_ALG_DES_MAC_MD5)	102	if (signalg != SGN_ALG_DES_MAC_MD5)
103	return GSS_S_DEFECTIVE_TOKEN;	103	return GSS_S_DEFECTIVE_TOKEN;
104		104
105	sealalg = ptr[2] + (ptr[3] << 8);	105	sealalg = ptr[4] + (ptr[5] << 8);
106	if (sealalg != SEAL_ALG_NONE)	106	if (sealalg != SEAL_ALG_NONE)
107	return GSS_S_DEFECTIVE_TOKEN;	107	return GSS_S_DEFECTIVE_TOKEN;
108		108
109	if ((ptr[4] != 0xff) \|\| (ptr[5] != 0xff))	109	if ((ptr[6] != 0xff) \|\| (ptr[7] != 0xff))
110	return GSS_S_DEFECTIVE_TOKEN;	110	return GSS_S_DEFECTIVE_TOKEN;
111		111
112	if (make_checksum("md5", ptr - 2, 8, message_buffer, 0, &md5cksum))	112	if (make_checksum("md5", ptr, 8, message_buffer, 0, &md5cksum))
113	return GSS_S_FAILURE;	113	return GSS_S_FAILURE;
114		114
115	if (krb5_encrypt(ctx->seq, NULL, md5cksum.data, md5cksum.data, 16))	115	if (krb5_encrypt(ctx->seq, NULL, md5cksum.data, md5cksum.data, 16))
116	return GSS_S_FAILURE;	116	return GSS_S_FAILURE;
117		117
118	if (memcmp(md5cksum.data + 8, ptr + 14, 8))	118	if (memcmp(md5cksum.data + 8, ptr + GSS_KRB5_TOK_HDR_LEN, 8))
119	return GSS_S_BAD_SIG;	119	return GSS_S_BAD_SIG;
120		120
121	/* it got through unscathed. Make sure the context is unexpired */	121	/* it got through unscathed. Make sure the context is unexpired */
@@ -127,7 +127,7 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
127		127
128	/* do sequencing checks */	128	/* do sequencing checks */
129		129
130	if (krb5_get_seq_num(ctx->seq, ptr + 14, ptr + 6, &direction, &seqnum))	130	if (krb5_get_seq_num(ctx->seq, ptr + GSS_KRB5_TOK_HDR_LEN, ptr + 8, &direction, &seqnum))
131	return GSS_S_FAILURE;	131	return GSS_S_FAILURE;
132		132
133	if ((ctx->initiate && direction != 0xff) \|\|	133	if ((ctx->initiate && direction != 0xff) \|\|