From 3aee9faba7850e1f50b6ff54c90c3cef16d45d4d Mon Sep 17 00:00:00 2001
From: "Enrico Weigelt, metux IT consult"
Date: Mon, 10 Mar 2025 14:46:32 +0100
Subject: [PATCH] (!1901) os: auth: protect against duplicate auth keys

Protect the Add() proto funcs from adding duplicate auth keys. If adding a duplicate is attempted, the XID of the already existing one is returned instead.

Signed-off-by: Enrico Weigelt, metux IT consult
---
 os/mitauth.c | 7 +++++++
 os/xdmauth.c | 8 ++++++++
 2 files changed, 15 insertions(+)

diff --git a/os/mitauth.c b/os/mitauth.c
index 6c805e7c9..c61918572 100644
--- a/os/mitauth.c
+++ b/os/mitauth.c
@@ -51,6 +51,13 @@ MitAddCookie(unsigned short data_length, const char *data)
 {
 struct auth *new;
 
+ // check for possible duplicate and return it instead
+ for (struct auth *walk=mit_auth; walk; walk=walk->next) {
+ if ((walk->len == data_length) &&
+ (memcmp(walk->data, data, data_length) == 0))
+ return walk->id;
+ }
+
 new = malloc(sizeof(struct auth));
 if (!new)
 return 0;
diff --git a/os/xdmauth.c b/os/xdmauth.c
index e1d5a78f1..296269e41 100644
--- a/os/xdmauth.c
+++ b/os/xdmauth.c
@@ -354,6 +354,14 @@ XdmAddCookie(unsigned short data_length, const char *data)
 /* the first octet of the key must be zero */
 if (key_bits[0] != '\0')
 return 0;
+
+ /* check for possible duplicate and return it */
+ for (XdmAuthorizationRec *walk = xdmAuth; walk; walk=walk->next) {
+ if ((memcmp(walk->key.data, key_bits, 8)==0) &&
+ (memcmp(walk->rho.data, rho_bits, 8)==0))
+ return walk->id;
+ }
+
 new = malloc(sizeof(XdmAuthorizationRec));
 if (!new)
 return 0;
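Review bot: The duplicate loop in MitAddCookie returns `walk->id` for an entry the caller did not create, so two callers that add the same cookie now share one XID and cannot tell a fresh entry from an existing one. If any caller later removes or resets the authorization it added (the removal paths are not visible in this patch), that would also revoke the cookie for the other owner; the same applies to the loop added to XdmAddCookie in os/xdmauth.c. The sharing should at least be stated above the loop, e.g. `/* duplicate: return the existing id; the entry is shared, callers must not assume they own it */`, or the entries need a reference count. The function body continues outside the hunk.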
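Review bot: In the XdmAddCookie hunk both `memcmp` calls hard-code the length `8`, so the comparison would silently stop covering the whole field if the key or rho layout ever changed. Assuming `key.data` and `rho.data` are fixed-size arrays (their declaration is not in this patch), `memcmp(walk->key.data, key_bits, sizeof(walk->key.data)) == 0` keeps the check tied to the type. The comment could also say what is compared and what is returned, e.g. `/* same key and rho already registered: return the existing entry's id */`. The function starts and ends outside the hunk.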