util_saml: correctly account for gss lengths
[mech_eap.orig] / verify_mic.c
index 2d72307..0a56949 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * SUCH DAMAGE.
  */
 
+/*
+ * Message protection services: verify a message integrity check.
+ */
+
 #include "gssapiP_eap.h"
 
 OM_uint32
@@ -39,14 +43,17 @@ gss_verify_mic(OM_uint32 *minor,
                gss_buffer_t message_token,
                gss_qop_t *qop_state)
 {
+    OM_uint32 major;
     gss_iov_buffer_desc iov[3];
     int conf_state;
 
     if (message_token->length < 16) {
-        *minor = KRB5_BAD_MSIZE;
+        *minor = GSSEAP_TOK_TRUNC;
         return GSS_S_BAD_SIG;
     }
 
+    *minor = 0;
+
     iov[0].type = GSS_IOV_BUFFER_TYPE_DATA;
     iov[0].buffer = *message_buffer;
 
@@ -58,6 +65,12 @@ gss_verify_mic(OM_uint32 *minor,
     iov[2].buffer.length = message_token->length - 16;
     iov[2].buffer.value = (unsigned char *)message_token->value + 16;
 
-    return gssEapUnwrapOrVerifyMIC(minor, ctx, &conf_state, qop_state,
-                                   iov, 3, TOK_TYPE_MIC);
+    GSSEAP_MUTEX_LOCK(&ctx->mutex);
+
+    major = gssEapUnwrapOrVerifyMIC(minor, ctx, &conf_state, qop_state,
+                                    iov, 3, TOK_TYPE_MIC);
+
+    GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
+
+    return major;
 }
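Review bot: `GSSEAP_MUTEX_LOCK(&ctx->mutex)` dereferences `ctx`, and nothing visible in these hunks rejects `GSS_C_NO_CONTEXT` first, so a null context handle would fault inside the lock instead of returning a GSS error. A guard ahead of the lock would cover it, e.g. `if (ctx == GSS_C_NO_CONTEXT) { *minor = EINVAL; return GSS_S_NO_CONTEXT; }`. The same gap applies to `message_token` and `message_buffer`, which the previous hunk dereferences at `message_token->length` and `*message_buffer` with no `GSS_C_NO_BUFFER` check, and that length test is the only validation the token gets before its bytes are sliced into `iov`. A few lines of the body between the second and third hunks are not shown, so a context check there cannot be ruled out.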