Author: lha Date: 2007-01-11 02:11:34 +0000 (Thu, 11 Jan 2007) New Revision: 706
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=lorikeet&rev=706 Log: unbreak pac handling Modified: trunk/heimdal/lib/krb5/pac.c Changeset: Modified: trunk/heimdal/lib/krb5/pac.c ===================================================================
--- trunk/heimdal/lib/krb5/pac.c 2007-01-10 19:42:24 UTC (rev 705)
+++ trunk/heimdal/lib/krb5/pac.c 2007-01-11 02:11:34 UTC (rev 706)
@@ -33,7 +33,7 @@
 #include "krb5_locl.h"
-RCSID("$Id: pac.c,v 1.13 2007/01/09 11:22:56 lha Exp $");
+RCSID("$Id: pac.c,v 1.14 2007/01/11 02:08:01 lha Exp $");
 struct PAC_INFO_BUFFER {
 uint32_t type;
@@ -252,12 +252,10 @@
 {
 krb5_error_code ret;
 void *ptr;
- size_t len, offset, header_end;
+ size_t len, offset, header_end, old_end;
 uint32_t i;
- len = p->pac->numbuffers + 1;
- if (len < p->pac->numbuffers)
- return EINVAL;
+ len = p->pac->numbuffers;
 ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len));
@@ -272,11 +270,12 @@
 offset = p->data.length + PAC_INFO_BUFFER_SIZE;
- p->pac->buffers[len - 1].type = type;
- p->pac->buffers[len - 1].buffersize = data->length;
- p->pac->buffers[len - 1].offset_lo = offset;
- p->pac->buffers[len - 1].offset_hi = 0;
+ p->pac->buffers[len].type = type;
+ p->pac->buffers[len].buffersize = data->length;
+ p->pac->buffers[len].offset_lo = offset;
+ p->pac->buffers[len].offset_hi = 0;
+ old_end = p->data.length;
 len = p->data.length + data->length + PAC_INFO_BUFFER_SIZE;
 if (len < p->data.length) {
 krb5_set_error_string(context, "integer overrun");
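Review bot: The size passed to `realloc` in the `@@ -252,12 +252,10 @@` hunk, `sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len)`, is now computed with no overflow guard at all, because the removed `len < p->pac->numbuffers` test was the only one. Where `size_t` is 32 bits, a large enough `numbuffers` wraps the product, the allocation comes back too small, and the following hunk then writes `p->pac->buffers[len]` beyond it; whether `numbuffers` is bounded when the PAC is parsed is not visible here. A guard ahead of the call, such as `if (len > (SIZE_MAX - sizeof(*p->pac)) / sizeof(p->pac->buffers[0])) return EINVAL;`, would close this. The new sizing also appears to rely on `sizeof(*p->pac)` already containing one `buffers` element, which deserves a comment like `/* sizeof(*p->pac) already covers one entry, so + len entries leaves room for slot [len] */`. The function starts and ends outside the hunk.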
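Review bot: In the `@@ -272,11 +270,12 @@` hunk, `p->pac->buffers[len].offset_lo = offset;` stores a `size_t` while `offset_hi` is fixed at 0, and the slot is filled before the "integer overrun" check below it runs. If `offset_lo` is a 32-bit field, as the lo/hi split suggests, an offset that does not fit would be truncated silently on an LP64 build instead of being rejected; a check ahead of the assignments such as `if ((uint64_t)offset > UINT32_MAX) return EINVAL;` makes the limit explicit. Separately, `len` is used here as the index of the new slot and two lines later as the new data length, so a dedicated name for one of the two roles would make `buffers[len]` easier to verify. The function body continues outside the hunk.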
@@ -292,14 +291,17 @@
 return ret;
 }
- /* make place for PAC INFO BUFFER header */
+ /*
+ * make place for new PAC INFO BUFFER header
+ */
 header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
- memmove((unsigned char *)p->data.data + header_end,
- (unsigned char *)p->data.data + header_end + PAC_INFO_BUFFER_SIZE,
- PAC_INFO_BUFFER_SIZE);
+ memmove((unsigned char *)p->data.data + header_end + PAC_INFO_BUFFER_SIZE,
+ (unsigned char *)p->data.data + header_end ,
+ old_end - header_end);
+ memset((unsigned char *)p->data.data + header_end, 0, PAC_INFO_BUFFER_SIZE);
 /*
- *
+ * copy in new data part
 */
 memcpy((unsigned char *)p->data.data + offset,