From 6db34748ac5eacdf5473a421872a53d4cccadab4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Fri, 28 Mar 2003 02:01:33 +0000
Subject: [PATCH] (hdb_unseal_keys_mkey): truncate key to the key length when
 key is longer then expected length, its probably longer since the encrypted
 data was padded, reported by Aidan Cully <aidan@kublai.com>

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11931 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hdb/mkey.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/lib/hdb/mkey.c b/lib/hdb/mkey.c
index 8fd977753..a9d1afddf 100644
--- a/lib/hdb/mkey.c
+++ b/lib/hdb/mkey.c
@@ -377,6 +377,7 @@ hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
     int i;
     krb5_error_code ret;
     krb5_data res;
+    size_t keysize;
     Key *k;
 
     for(i = 0; i < ent->keys.len; i++){
@@ -398,9 +399,21 @@ hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
 	if (ret)
 	    return ret;
 
+	/* fixup keylength if the key got padded when encrypting it */
+	ret = krb5_enctype_keysize(context, k->key.keytype, &keysize);
+	if (ret) {
+	    krb5_data_free(&res);
+	    return ret;
+	}
+	if (keysize > res.length) {
+	    krb5_data_free(&res);
+	    return KRB5_BAD_KEYSIZE;
+	}
+
 	memset(k->key.keyvalue.data, 0, k->key.keyvalue.length);
 	free(k->key.keyvalue.data);
 	k->key.keyvalue = res;
+	k->key.keyvalue.length = keysize;
 	free(k->mkvno);
 	k->mkvno = NULL;
     }