(decrypt_internal_derived): make sure length is longer then confounder

+ checksum. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21130 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-18 20:45:21 +00:00
parent 3a5f005244
commit 5bb7b3bc79
1 changed files with 3 additions and 2 deletions
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -3162,8 +3162,9 @@ decrypt_internal_derived(krb5_context context,
    unsigned long l;
    
    checksum_sz = CHECKSUMSIZE(et->keyed_checksum);
-    if (len < checksum_sz) {
-	krb5_set_error_string(context, "Encrypted data shorter then checksum");
+    if (len < checksum_sz + et->confoundersize) {
+	krb5_set_error_string(context, "Encrypted data shorter then "
+			      "checksum + confunder");
 	return KRB5_BAD_MSIZE;
    }