oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kdc: Don’t abort if krb5_generate_random_keyblock() fails

Browse Source 
There are a few reasons that this function could fail (e.g., failure to
allocate memory) besides random number generation being unavailable. No
other caller abort()s on failure like this.

Furthermore, krb5_generate_random_block(), which is called by
krb5_generate_random_keyblock(), already aborts if random generation
fails.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This commit is contained in:
Joseph Sutton
2023-04-27 13:11:40 +12:00
committed by Nico Williams
parent 43a4c01126
commit 043b0d02c1
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
kdc/fast.c
View File

@@ -799,8 +799,10 @@ _kdc_fast_strengthen_reply_key(astgs_request_t r)
ret = krb5_generate_random_keyblock(r->context, r->reply_key.keytype,
&r->strengthen_key);
if (ret)
krb5_abortx(r->context, "random generator fail");
if (ret) {
kdc_log(r->context, r->config, 0, "failed to prepare random keyblock");
return ret;
}
ret = _krb5_fast_cf2(r->context,
&r->strengthen_key, "strengthenkey",