oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

(hdb_unseal_keys_mkey): truncate key to the key length when key is

Browse Source 
longer then expected length, its probably longer since the encrypted
data was padded, reported by Aidan Cully <aidan@kublai.com>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11931 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2003-03-28 02:01:33 +00:00
parent a629c76a6c
commit 6db34748ac
1 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
lib/hdb/mkey.c
View File

@@ -377,6 +377,7 @@ hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
int i;
krb5_error_code ret;
krb5_data res;
size_t keysize;
Key *k;
for(i = 0; i < ent->keys.len; i++){
@@ -398,9 +399,21 @@ hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
if (ret)
return ret;
/* fixup keylength if the key got padded when encrypting it */
ret = krb5_enctype_keysize(context, k->key.keytype, &keysize);
if (ret) {
krb5_data_free(&res);
return ret;
}
if (keysize > res.length) {
krb5_data_free(&res);
return KRB5_BAD_KEYSIZE;
}
memset(k->key.keyvalue.data, 0, k->key.keyvalue.length);
free(k->key.keyvalue.data);
k->key.keyvalue = res;
k->key.keyvalue.length = keysize;
free(k->mkvno);
k->mkvno = NULL;
}