lib/krb5: Harden _krb5_derive_key()

Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from Samba commit afd8c389c92e38aa59a55127b2594023561b2ddd)
2016-11-18 18:02:30 +00:00
parent 85b9992d9a
commit 42fe2c2d85
1 changed files with 12 additions and 3 deletions
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -2148,8 +2148,12 @@ derive_key_rfc3961(krb5_context context,
 		memcpy(k + i * et->blocksize,
 		       k + (i - 1) * et->blocksize,
 		       et->blocksize);
-	    (*et->encrypt)(context, key, k + i * et->blocksize, et->blocksize,
-			   1, 0, NULL);
+	    ret = (*et->encrypt)(context, key, k + i * et->blocksize,
+				 et->blocksize, 1, 0, NULL);
+	    if (ret) {
+		    krb5_set_error_message(context, ret, N_("encrypt failed", ""));
+		    goto out;
+	    }
 	}
    } else {
 	/* this case is probably broken, but won't be run anyway */
@@ -2161,7 +2165,12 @@ derive_key_rfc3961(krb5_context context,
 	    goto out;
 	}
 	memcpy(c, constant, len);
-	(*et->encrypt)(context, key, c, len, 1, 0, NULL);
+	ret = (*et->encrypt)(context, key, c, len, 1, 0, NULL);
+	if (ret) {
+		free(c);
+		krb5_set_error_message(context, ret, N_("encrypt failed", ""));
+		goto out;
+	}
 	k = malloc(res_len);
 	if(res_len != 0 && k == NULL) {
 	    free(c);