File krb5-1.7-MITKRB5-SA-2010-001.dif of Package krb5

Index: krb5-1.7/src/kdc/do_as_req.c
===================================================================
--- krb5-1.7.orig/src/kdc/do_as_req.c
+++ krb5-1.7/src/kdc/do_as_req.c
@@ -137,6 +137,11 @@ process_as_req(krb5_kdc_req *request, kr
     session_key.contents = 0;
     enc_tkt_reply.authorization_data = NULL;
 
+    if (request->msg_type != KRB5_AS_REQ) {
+        status = "msg_type mismatch";
+        errcode = KRB5_BADMSGTYPE;
+        goto errout;
+    }
     errcode = kdc_make_rstate(&state);
     if (errcode != 0) {
 	status = "constructing state";
Index: krb5-1.7/src/kdc/do_tgs_req.c
===================================================================
--- krb5-1.7.orig/src/kdc/do_tgs_req.c
+++ krb5-1.7/src/kdc/do_tgs_req.c
@@ -135,6 +135,8 @@ process_tgs_req(krb5_data *pkt, const kr
     retval = decode_krb5_tgs_req(pkt, &request);
     if (retval)
         return retval;
+    if (request->msg_type != KRB5_TGS_REQ)
+        return KRB5_BADMSGTYPE;
 
     /*
      * setup_server_realm() sets up the global realm-specific data pointer.
Index: krb5-1.7/src/kdc/fast_util.c
===================================================================
--- krb5-1.7.orig/src/kdc/fast_util.c
+++ krb5-1.7/src/kdc/fast_util.c
@@ -378,7 +378,7 @@ krb5_error_code kdc_fast_handle_error
     krb5_data *encoded_e_data = NULL;
 
     memset(outer_pa, 0, sizeof(outer_pa));
-    if (!state->armor_key)
+    if (!state || !state->armor_key)
 	return 0;
     fx_error = *err;
     fx_error.e_data.data = NULL;