From 8d59d69449c2a86c478699a50d920541aa106201 Mon Sep 17 00:00:00 2001
From: Julien Chaffraix <julien.chaffraix@gmail.com>
Date: Sat, 13 Nov 2010 12:01:33 -0800
Subject: security: tighten enum protection_level usage.

While changing Curl_sec_read_msg to accept an enum protection_level
instead of an int, I went ahead and fixed the usage of the associated
fields.

Some code was assuming that prot_clear == 0. Fixed those to use the
proper value. Added assertions prior to any code that would set the
protection level.
---
 lib/pingpong.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'lib/pingpong.c')

diff --git a/lib/pingpong.c b/lib/pingpong.c
index bced110ed..01f850677 100644
--- a/lib/pingpong.c
+++ b/lib/pingpong.c
@@ -217,11 +217,13 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp,
 #endif /* CURL_DOES_CONVERSIONS */
 
 #if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+  DEBUGASSERT(prot_cmd > prot_none && prot_cmd < prot_last);
   conn->data_prot = prot_cmd;
 #endif
   res = Curl_write(conn, conn->sock[FIRSTSOCKET], sptr, write_len,
                    &bytes_written);
 #if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+  DEBUGASSERT(data_sec > prot_none && data_sec < prot_last);
   conn->data_prot = data_sec;
 #endif
 
@@ -331,13 +333,13 @@ CURLcode Curl_pp_readresp(curl_socket_t sockfd,
       int res;
 #if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
       enum protection_level prot = conn->data_prot;
-
-      conn->data_prot = 0;
+      conn->data_prot = prot_clear;
 #endif
       DEBUGASSERT((ptr+BUFSIZE-pp->nread_resp) <= (buf+BUFSIZE+1));
       res = Curl_read(conn, sockfd, ptr, BUFSIZE-pp->nread_resp,
                       &gotbytes);
 #if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+      DEBUGASSERT(prot  > prot_none && prot < prot_last);
       conn->data_prot = prot;
 #endif
       if(res == CURLE_AGAIN)
-- 
cgit v1.2.3