security: tighten enum protection_level usage.

While changing Curl_sec_read_msg to accept an enum protection_level
instead of an int, I went ahead and fixed the usage of the associated
fields.

Some code was assuming that prot_clear == 0. Fixed those to use the
proper value. Added assertions prior to any code that would set the
protection level.

1 files changed, 4 insertions, 2 deletions

diff --git a/lib/pingpong.c b/lib/pingpong.c
index bced110ed..01f850677 100644
--- a/lib/pingpong.c
+++ b/lib/pingpong.c
@@ -217,11 +217,13 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp,
 #endif /* CURL_DOES_CONVERSIONS */
 
 #if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+  DEBUGASSERT(prot_cmd > prot_none && prot_cmd < prot_last);
   conn->data_prot = prot_cmd;
 #endif
   res = Curl_write(conn, conn->sock[FIRSTSOCKET], sptr, write_len,
                    &bytes_written);
 #if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+  DEBUGASSERT(data_sec > prot_none && data_sec < prot_last);
   conn->data_prot = data_sec;
 #endif
 
@@ -331,13 +333,13 @@ CURLcode Curl_pp_readresp(curl_socket_t sockfd,
       int res;
 #if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
       enum protection_level prot = conn->data_prot;
-
-      conn->data_prot = 0;
+      conn->data_prot = prot_clear;
 #endif
       DEBUGASSERT((ptr+BUFSIZE-pp->nread_resp) <= (buf+BUFSIZE+1));
       res = Curl_read(conn, sockfd, ptr, BUFSIZE-pp->nread_resp,
                       &gotbytes);
 #if defined(HAVE_KRB4) || defined(HAVE_GSSAPI)
+      DEBUGASSERT(prot  > prot_none && prot < prot_last);
       conn->data_prot = prot;
 #endif
       if(res == CURLE_AGAIN)