Merge branch 'linus' into xen-64bit

[linux-2.6] / net / sunrpc / auth_gss / gss_krb5_unseal.c

diff --git a/net/sunrpc/auth_gss/gss_krb5_unseal.c b/net/sunrpc/auth_gss/gss_krb5_unseal.c
index 75a75a6d133657ed12546e28c9f11b83e7c6cf87..d91a5d0048039558bb4af282136ef54b0d2f95e3 100644 (file)
--- a/net/sunrpc/auth_gss/gss_krb5_unseal.c
+++ b/net/sunrpc/auth_gss/gss_krb5_unseal.c
@@ -82,11 +82,11 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
        struct xdr_netobj       md5cksum = {.len = 0, .data = cksumdata};
        s32                     now;
        int                     direction;
-       s32                     seqnum;
+       u32                     seqnum;
        unsigned char           *ptr = (unsigned char *)read_token->data;
        int                     bodysize;
 
-       dprintk("RPC:      krb5_read_token\n");
+       dprintk("RPC:       krb5_read_token\n");
 
        if (g_verify_token_header(&ctx->mech_used, &bodysize, &ptr,
                                        read_token->len))
@@ -99,16 +99,14 @@ gss_verify_mic_kerberos(struct gss_ctx *gss_ctx,
        /* XXX sanity-check bodysize?? */
 
        signalg = ptr[0] + (ptr[1] << 8);
-       sealalg = ptr[2] + (ptr[3] << 8);
-
-       /* Sanity checks */
-
-       if ((ptr[4] != 0xff) || (ptr[5] != 0xff))
+       if (signalg != SGN_ALG_DES_MAC_MD5)
                return GSS_S_DEFECTIVE_TOKEN;
 
-       if (sealalg != 0xffff)
+       sealalg = ptr[2] + (ptr[3] << 8);
+       if (sealalg != SEAL_ALG_NONE)
                return GSS_S_DEFECTIVE_TOKEN;
-       if (signalg != SGN_ALG_DES_MAC_MD5)
+
+       if ((ptr[4] != 0xff) || (ptr[5] != 0xff))
                return GSS_S_DEFECTIVE_TOKEN;
 
        if (make_checksum("md5", ptr - 2, 8, message_buffer, 0, &md5cksum))