From b1fbe85f2a054d57a2c3f7edb6b967cc2ee2d3f2 Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Mon, 22 Nov 2010 01:19:30 +1100
Subject: [PATCH] When processing error tokens at the initiator, verify minor
 status code is valid wire error with new IS_WIRE_ERROR macro

---
 accept_sec_context.c | 28 ++++++----------------------
 gssapiP_eap.h        |  3 +++
 init_sec_context.c   |  2 +-
 3 files changed, 10 insertions(+), 23 deletions(-)

diff --git a/accept_sec_context.c b/accept_sec_context.c
index 260b233..7fa39ef 100644
--- a/accept_sec_context.c
+++ b/accept_sec_context.c
@@ -511,28 +511,12 @@ makeErrorToken(OM_uint32 *minor,
      * Only return error codes that the initiator could have caused,
      * to avoid information leakage.
      */
-    switch (minorStatus) {
-    case GSSEAP_WRONG_SIZE:
-    case GSSEAP_WRONG_MECH:
-    case GSSEAP_BAD_TOK_HEADER:
-    case GSSEAP_TOK_TRUNC:
-    case GSSEAP_BAD_DIRECTION:
-    case GSSEAP_WRONG_TOK_ID:
-    case GSSEAP_CRIT_EXT_UNAVAILABLE:
-    case GSSEAP_MISSING_REQUIRED_EXT:
-    case GSSEAP_KEY_UNAVAILABLE:
-    case GSSEAP_KEY_TOO_SHORT:
-    case GSSEAP_RADIUS_AUTH_FAILURE:
-    case GSSEAP_UNKNOWN_RADIUS_CODE:
-    case GSSEAP_MISSING_EAP_REQUEST:
-        break;
-    default:
-        if (IS_RADIUS_ERROR(minorStatus))
-            /* Squash RADIUS error codes */
-            minorStatus = GSSEAP_RADIUS_PROT_FAILURE;
-        else
-            /* Don't return system error codes */
-            return GSS_S_COMPLETE;
+    if (IS_RADIUS_ERROR(minorStatus)) {
+        /* Squash RADIUS error codes */
+        minorStatus = GSSEAP_RADIUS_PROT_FAILURE;
+    } else if (!IS_WIRE_ERROR(minorStatus)) {
+        /* Don't return non-wire error codes */
+        return GSS_S_COMPLETE;
     }
 
     minorStatus -= ERROR_TABLE_BASE_eapg;
diff --git a/gssapiP_eap.h b/gssapiP_eap.h
index e1f0a66..274d694 100644
--- a/gssapiP_eap.h
+++ b/gssapiP_eap.h
@@ -245,6 +245,9 @@ rfc4121Flags(gss_ctx_id_t ctx, int receiving);
 void
 gssEapSaveStatusInfo(OM_uint32 minor, const char *format, ...);
 
+#define IS_WIRE_ERROR(err)              ((err) > GSSEAP_RESERVED && \
+                                         (err) <= GSSEAP_RADIUS_PROT_FAILURE)
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/init_sec_context.c b/init_sec_context.c
index a195815..bc3f554 100644
--- a/init_sec_context.c
+++ b/init_sec_context.c
@@ -616,7 +616,7 @@ eapGssSmInitError(OM_uint32 *minor,
     major = load_uint32_be(&p[0]);
     *minor = ERROR_TABLE_BASE_eapg + load_uint32_be(&p[4]);
 
-    if (!GSS_ERROR(major)) {
+    if (!GSS_ERROR(major) || !IS_WIRE_ERROR(*minor)) {
         major = GSS_S_FAILURE;
         *minor = GSSEAP_BAD_ERROR_TOKEN;
     }
-- 
2.1.4