oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gssapi/krb5: fix rc4-hmac gss_unwrap_iov() without DCE_STYLE

Browse Source 
gss_unwrap_iov() with rc4-hmac (RFC4757) encryption types would fail unless
GSS_C_DCE_STYLE was specified, as an incorrect length was passed to
_gssapi_verify_mech_header(). (The correct length is the header length for
GSS_C_DCE_STYLE, and the wrap token length otherwise.)
This commit is contained in:
Luke Howard
2020-07-11 18:21:54 +10:00
parent b73baa42ef
commit 4b543b727a
1 changed files with 11 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
lib/gssapi/krb5/arcfour.c
View File

@@ -1197,15 +1197,19 @@ _gssapi_unwrap_iov_arcfour(OM_uint32 *minor_status,
return GSS_S_FAILURE; return GSS_S_FAILURE;
} }
if (IS_DCE_STYLE(context)) { verify_len = header->buffer.length;
verify_len = GSS_ARCFOUR_WRAP_TOKEN_SIZE +
GSS_ARCFOUR_WRAP_TOKEN_DCE_DER_HEADER_SIZE; if (!IS_DCE_STYLE(context)) {
if (header->buffer.length > verify_len) { for (i = 0; i < iov_count; i++) {
return GSS_S_BAD_MECH; /* length in header also includes data and padding */
if (GSS_IOV_BUFFER_TYPE(iov[i].type) == GSS_IOV_BUFFER_TYPE_DATA)
verify_len += iov[i].buffer.length;
} }
} else {
verify_len = header->buffer.length; if (padding)
verify_len += padding->buffer.length;
} }
_p = header->buffer.value; _p = header->buffer.value;
ret = _gssapi_verify_mech_header(&_p, ret = _gssapi_verify_mech_header(&_p,