Allow zero-length encrypt IOVs in _krb5_evp_encrypt_iov_cts()

The iovec encryption code doesn't handle 0 length iovecs correctly.
Instead of just skipping them, _krb5_evp_encrypt_iov_cts() will spin
on the 0 length iovec.

Modify the _krb5_evp_iov_cursor_expand helper so that iovec expansion
simply skips 0 length iovecs, and make _krb5_evp_iov_cursor_nextcrypt
do the same.

Original bug report and tests from Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Simon Wilkinson
2018-09-18 15:43:28 +01:00
committed by Jeffrey Altman
parent d570541e3d
commit 07b3e6fd74
2 changed files with 45 additions and 4 deletions

@@ -220,8 +220,9 @@ _krb5_evp_iov_cursor_expand(struct _krb5_evp_iov_cursor *cursor)
return;
while (_krb5_evp_iov_should_encrypt(&cursor->iov[cursor->nextidx])) {
if ((char *)cursor->current.data + cursor->current.length
!= cursor->iov[cursor->nextidx].data.data) {
if (cursor->iov[cursor->nextidx].data.length != 0 &&
((char *)cursor->current.data + cursor->current.length
!= cursor->iov[cursor->nextidx].data.data)) {
return;
}
cursor->current.length += cursor->iov[cursor->nextidx].data.length;
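Review bot: The new condition in the while loop, `cursor->iov[cursor->nextidx].data.length != 0 && ...`, skips the contiguity comparison for an empty iovec without a comment saying why. A short note that a zero-length entry's data pointer carries no meaning (it may be NULL or point anywhere), and that adding its length merges nothing, would keep a later cleanup from folding the test back into the original form. Because empty entries no longer end the expansion, the loop can now advance further along the array than before, and the loop condition indexes `cursor->iov[cursor->nextidx]` with no bound visible in this context, so please confirm the body compares `nextidx` against `niov` before the next iteration.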
@@ -237,7 +238,8 @@ static inline void
_krb5_evp_iov_cursor_nextcrypt(struct _krb5_evp_iov_cursor *cursor)
{
for (; cursor->nextidx < cursor->niov; cursor->nextidx++) {
if (_krb5_evp_iov_should_encrypt(&cursor->iov[cursor->nextidx])) {
if (_krb5_evp_iov_should_encrypt(&cursor->iov[cursor->nextidx])
&& cursor->iov[cursor->nextidx].data.length != 0) {
cursor->current = cursor->iov[cursor->nextidx].data;
cursor->nextidx++;
_krb5_evp_iov_cursor_expand(cursor);
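Review bot: In the for loop of _krb5_evp_iov_cursor_nextcrypt, when every remaining encryptable iovec is empty the added `data.length != 0` test lets the loop run to `niov` without ever assigning `cursor->current`. The code after the loop is outside this hunk, so please confirm it sets `current` to length 0 on that path; otherwise the caller keeps operating on the stale previous buffer. Minor style point: the continuation here begins with `&&`, while the condition added in _krb5_evp_iov_cursor_expand ends its line with `&&`; one placement should be used for both.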