X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.git;a=blobdiff_plain;f=mech_eap%2Funwrap_iov.c;h=ba220794603ef24677d096ba40d4cb7223ec1c24;hp=5ceefa2ab829448e74448866e74c7b3659a9138f;hb=HEAD;hpb=a1e95d663ffdd950ced493e84f8bf5453c858bd8
diff --git a/mech_eap/unwrap_iov.c b/mech_eap/unwrap_iov.c
index 5ceefa2..ba22079 100644
--- a/mech_eap/unwrap_iov.c
+++ b/mech_eap/unwrap_iov.c
@@ -102,7 +102,7 @@ unwrapToken(OM_uint32 *minor,
 if (qop_state != NULL)
 *qop_state = GSS_C_QOP_DEFAULT;
- header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
+ header = gssEapLocateHeaderIov(iov, iov_count, toktype);
 GSSEAP_ASSERT(header != NULL);
 padding = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
@@ -226,14 +226,16 @@ unwrapToken(OM_uint32 *minor,
 code = gssEapVerify(krbContext, ctx->checksumType, rrc,
 KRB_CRYPTO_CONTEXT(ctx), keyUsage,
- iov, iov_count, &valid);
+ iov, iov_count, toktype, &valid);
 if (code != 0 || valid == FALSE) {
 major = GSS_S_BAD_SIG;
 goto cleanup;
 }
 }
- code = sequenceCheck(minor, &ctx->seqState, seqnum);
+ major = sequenceCheck(&code, &ctx->seqState, seqnum);
+ if (GSS_ERROR(major))
+ goto cleanup;
 } else if (toktype == TOK_TYPE_MIC) {
 if (load_uint16_be(ptr) != toktype)
 goto defective;
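Review bot: In the first hunk, the pointer returned by `gssEapLocateHeaderIov(iov, iov_count, toktype)` is guarded only by `GSSEAP_ASSERT(header != NULL)`, although the iov array appears to come from the caller. The macro's definition is not visible here; if it can be compiled out, a buffer list that lacks the header type the new helper expects for this `toktype` would reach the later `header->buffer` accesses as a NULL dereference. An explicit runtime check such as `if (header == NULL) goto defective;` would be safer, provided the `defective` label used later in the function is valid at this point. unwrapToken starts and ends outside the hunk.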
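Review bot: The new `if (GSS_ERROR(major)) goto cleanup;` after `sequenceCheck()` in the second hunk only catches calling and routine errors, because GSS_ERROR() ignores the supplementary-information bits. If sequenceCheck reports replay or reordering as GSS_S_DUPLICATE_TOKEN, GSS_S_OLD_TOKEN, GSS_S_UNSEQ_TOKEN or GSS_S_GAP_TOKEN (its body is not visible), those tokens fall through here and the caller learns of them only if `major` is not overwritten before the return, which lies outside the hunk. I would add a comment at the check, for example `/* supplementary bits (duplicate/old/unseq/gap) are not GSS_ERROR; they must survive in major until return */`, and confirm that `code` is copied to `*minor` on the cleanup path. The same pattern is added to the TOK_TYPE_MIC branch in the next hunk.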
@@ -243,21 +245,19 @@ unwrapToken(OM_uint32 *minor,
 goto defective;
 seqnum = load_uint64_be(ptr + 8);
- /*
- * Although MIC tokens don't have a RRC, they are similarly
- * composed of a header and a checksum. So the verify_mic()
- * can be implemented with a single header buffer, fake the
- * RRC to the putative trailer length if no trailer buffer.
- */
- code = gssEapVerify(krbContext, ctx->checksumType,
- trailer != NULL ? 0 : header->buffer.length - 16,
+ /* For MIC tokens, the GSS header and checksum are in the same buffer.
+ * Fake up an RRC so that the checksum is expected in the header. */
+ rrc = (trailer != NULL) ? 0 : header->buffer.length - 16;
+ code = gssEapVerify(krbContext, ctx->checksumType, rrc,
 KRB_CRYPTO_CONTEXT(ctx), keyUsage,
- iov, iov_count, &valid);
+ iov, iov_count, toktype, &valid);
 if (code != 0 || valid == FALSE) {
 major = GSS_S_BAD_SIG;
 goto cleanup;
 }
- code = sequenceCheck(minor, &ctx->seqState, seqnum);
+ major = sequenceCheck(&code, &ctx->seqState, seqnum);
+ if (GSS_ERROR(major))
+ goto cleanup;
 } else if (toktype == TOK_TYPE_DELETE_CONTEXT) {
 if (load_uint16_be(ptr) != TOK_TYPE_DELETE_CONTEXT)
 goto defective;
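Review bot: `rrc = (trailer != NULL) ? 0 : header->buffer.length - 16;` subtracts from a length taken from the received token, and nothing in this hunk shows that `header->buffer.length` is at least 16. If no earlier check enforces that bound (the start of unwrapToken is outside the hunk), a short header makes the unsigned subtraction wrap and passes a very large RRC to gssEapVerify. The `load_uint64_be(ptr + 8)` just above presumably relies on the same bound. A guard such as `if (trailer == NULL && header->buffer.length < 16) goto defective;` before the assignment would make the invariant explicit, as would a comment naming the check that already guarantees it.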