util_saml: correctly account for gss lengths

[mech_eap.orig] / import_sec_context.c

diff --git a/import_sec_context.c b/import_sec_context.c
index 6ff212c..df52410 100644 (file)
--- a/import_sec_context.c
+++ b/import_sec_context.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -121,16 +121,9 @@ importMechanismOid(OM_uint32 *minor,
 
     oidBuf.elements = &p[4];
 
-    if (!gssEapIsConcreteMechanismOid(&oidBuf)) {
-        *minor = GSSEAP_WRONG_MECH;
-        return GSS_S_BAD_MECH;
-    }
-
-    if (!gssEapInternalizeOid(&oidBuf, pOid)) {
-        major = duplicateOid(minor, &oidBuf, pOid);
-        if (GSS_ERROR(major))
-            return major;
-    }
+    major = gssEapCanonicalizeOid(minor, &oidBuf, 0, pOid);
+    if (GSS_ERROR(major))
+        return major;
 
     *pBuf    += 4 + oidBuf.length;
     *pRemain -= 4 + oidBuf.length;
@@ -251,8 +244,8 @@ gssEapImportContext(OM_uint32 *minor,
     remain -= 16;
 
     /* Validate state */
-    if (ctx->state < GSSEAP_STATE_IDENTITY ||
-        ctx->state > GSSEAP_STATE_ESTABLISHED)
+    if (GSSEAP_SM_STATE(ctx) < GSSEAP_STATE_INITIAL ||
+        GSSEAP_SM_STATE(ctx) > GSSEAP_STATE_ESTABLISHED)
         return GSS_S_DEFECTIVE_TOKEN;
 
     /* Only acceptor can export partial context tokens */