oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Clear DES key (schedule) in unwrap BAD_MIC case

Browse Source 
We generally clear out the cryptographic key and key schedule from
local variables before relinquishing control flow, but this case was
missed.  Reported by jhb@FreeBSD.org.
This commit is contained in:
Benjamin Kaduk
2018-09-22 09:27:06 -05:00
committed by Jeffrey Altman
parent 1feff82129
commit 56fe2f8620
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/gssapi/krb5/unwrap.c
View File

@@ -135,8 +135,11 @@ unwrap_des
DES_set_key_unchecked (&deskey, &schedule);
DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
&schedule, &zero);
if (ct_memcmp (p - 8, hash, 8) != 0)
if (ct_memcmp (p - 8, hash, 8) != 0) {
memset_s(&deskey, sizeof(deskey), 0, sizeof(deskey));
memset_s(&schedule, sizeof(schedule), 0, sizeof(schedule));
return GSS_S_BAD_MIC;
}
/* verify sequence number */