oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

krb5: Better checking for storage EOF

Browse Source
This commit is contained in:
Nicolas Williams
2022-12-22 17:55:13 -06:00
parent 662fda9608
commit 42b0702601
1 changed files with 24 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
lib/krb5/store.c
View File

@@ -300,7 +300,7 @@ krb5_storage_free(krb5_storage *sp)
} }
/** /**
* Copy the contnent of storage * Copy the content of storage to a krb5_data.
* *
* @param sp the storage to copy to a data * @param sp the storage to copy to a data
* @param data the copied data, free with krb5_data_free() * @param data the copied data, free with krb5_data_free()
@@ -329,9 +329,18 @@ krb5_storage_to_data(krb5_storage *sp, krb5_data *data)
return ret; return ret;
} }
if (size) { if (size) {
ssize_t bytes;
sp->seek(sp, 0, SEEK_SET); sp->seek(sp, 0, SEEK_SET);
sp->fetch(sp, data->data, data->length); bytes = sp->fetch(sp, data->data, data->length);
sp->seek(sp, pos, SEEK_SET); sp->seek(sp, pos, SEEK_SET);
/* sp->fetch() really shouldn't fail */
if (bytes < 0)
return sp->eof_code;
/* Maybe the underlying file (or whatever) got truncated? */
data->length = bytes;
} }
return 0; return 0;
} }
@@ -528,6 +537,8 @@ krb5_ret_int(krb5_storage *sp,
ret = sp->fetch(sp, v, 1); ret = sp->fetch(sp, v, 1);
if (ret < 0) if (ret < 0)
return errno; return errno;
if (ret != 1)
return sp->eof_code;
len = unpack_int_length(v); len = unpack_int_length(v);
if (len < 1) if (len < 1)
@@ -536,6 +547,8 @@ krb5_ret_int(krb5_storage *sp,
ret = sp->fetch(sp, v + 1, len - 1); ret = sp->fetch(sp, v + 1, len - 1);
if (ret < 0) if (ret < 0)
return errno; return errno;
if (ret != len - 1)
return sp->eof_code;
} }
ret = unpack_int(v, len, &w, &len); ret = unpack_int(v, len, &w, &len);
if (ret) if (ret)
@@ -816,10 +829,10 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_int8(krb5_storage *sp, krb5_ret_int8(krb5_storage *sp,
int8_t *value) int8_t *value)
{ {
int ret; ssize_t ret;
ret = sp->fetch(sp, value, sizeof(*value)); ret = sp->fetch(sp, value, sizeof(*value));
if (ret != sizeof(*value)) if (ret < 0 || (size_t)ret != sizeof(*value))
return (ret<0)?errno:sp->eof_code; return (ret<0)?errno:sp->eof_code;
return 0; return 0;
} }
@@ -937,7 +950,7 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
krb5_ret_data(krb5_storage *sp, krb5_ret_data(krb5_storage *sp,
krb5_data *data) krb5_data *data)
{ {
int ret; krb5_error_code ret;
int32_t size; int32_t size;
ret = krb5_ret_int32(sp, &size); ret = krb5_ret_int32(sp, &size);
@@ -950,8 +963,10 @@ krb5_ret_data(krb5_storage *sp,
if (ret) if (ret)
return ret; return ret;
if (size) { if (size) {
ret = sp->fetch(sp, data->data, size); ssize_t bytes;
if(ret != size) {
bytes = sp->fetch(sp, data->data, size);
if (bytes < 0 || bytes != size) {
krb5_data_free(data); krb5_data_free(data);
return (ret < 0)? errno : sp->eof_code; return (ret < 0)? errno : sp->eof_code;
} }
@@ -1869,7 +1884,8 @@ _krb5_ret_data_at_offset(krb5_storage *sp,
sp->seek(sp, offset, SEEK_SET); sp->seek(sp, offset, SEEK_SET);
size = sp->fetch(sp, data->data, length); size = sp->fetch(sp, data->data, length);
heim_assert(size == length, "incomplete buffer fetched"); if (size < 0 || (size_t)size != length)
return sp->eof_code;
} }
cleanup: cleanup: