• Jeff Layton's avatar
    sunrpc: trim off trailing checksum before returning decrypted or integrity authenticated buffer · 4c190e2f
    Jeff Layton authored
    When GSSAPI integrity signatures are in use, or when we're using GSSAPI
    privacy with the v2 token format, there is a trailing checksum on the
    xdr_buf that is returned.
    
    It's checked during the authentication stage, and afterward nothing
    cares about it. Ordinarily, it's not a problem since the XDR code
    generally ignores it, but it will be when we try to compute a checksum
    over the buffer to help prevent XID collisions in the duplicate reply
    cache.
    
    Fix the code to trim off the checksums after verifying them. Note that
    in unwrap_integ_data, we must avoid trying to reverify the checksum if
    the request was deferred since it will no longer be present when it's
    revisited.
    Signed-off-by: default avatarJeff Layton <jlayton@redhat.com>
    4c190e2f
gss_krb5_wrap.c 17.3 KB