From 5bb7b3bc79253c1024768a5a79c30cfaf3aa48d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Mon, 18 Jun 2007 20:45:21 +0000 Subject: [PATCH] (decrypt_internal_derived): make sure length is longer then confounder + checksum. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21130 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/krb5/crypto.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c index 056a3e2e3..83b01b98a 100644 --- a/lib/krb5/crypto.c +++ b/lib/krb5/crypto.c @@ -3162,8 +3162,9 @@ decrypt_internal_derived(krb5_context context, unsigned long l; checksum_sz = CHECKSUMSIZE(et->keyed_checksum); - if (len < checksum_sz) { - krb5_set_error_string(context, "Encrypted data shorter then checksum"); + if (len < checksum_sz + et->confoundersize) { + krb5_set_error_string(context, "Encrypted data shorter then " + "checksum + confunder"); return KRB5_BAD_MSIZE; }