(hdb_unseal_keys_mkey): truncate key to the key length when key is
longer than expected length, it's probably longer since the encrypted data was padded, reported by Aidan Cully <aidan@kublai.com> git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11931 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -377,6 +377,7 @@ hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
|
|||||||
int i;
|
int i;
|
||||||
krb5_error_code ret;
|
krb5_error_code ret;
|
||||||
krb5_data res;
|
krb5_data res;
|
||||||
|
size_t keysize;
|
||||||
Key *k;
|
Key *k;
|
||||||
|
|
||||||
for(i = 0; i < ent->keys.len; i++){
|
for(i = 0; i < ent->keys.len; i++){
|
||||||
@@ -398,9 +399,21 @@ hdb_unseal_keys_mkey(krb5_context context, hdb_entry *ent, hdb_master_key mkey)
|
|||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
|
/* fixup keylength if the key got padded when encrypting it */
|
||||||
|
ret = krb5_enctype_keysize(context, k->key.keytype, &keysize);
|
||||||
|
if (ret) {
|
||||||
|
krb5_data_free(&res);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
if (keysize > res.length) {
|
||||||
|
krb5_data_free(&res);
|
||||||
|
return KRB5_BAD_KEYSIZE;
|
||||||
|
}
|
||||||
|
|
||||||
memset(k->key.keyvalue.data, 0, k->key.keyvalue.length);
|
memset(k->key.keyvalue.data, 0, k->key.keyvalue.length);
|
||||||
free(k->key.keyvalue.data);
|
free(k->key.keyvalue.data);
|
||||||
k->key.keyvalue = res;
|
k->key.keyvalue = res;
|
||||||
|
k->key.keyvalue.length = keysize;
|
||||||
free(k->mkvno);
|
free(k->mkvno);
|
||||||
k->mkvno = NULL;
|
k->mkvno = NULL;
|
||||||
}
|
}
|
||||||
|
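Review bot: Both new error returns in the second hunk release `res` with `krb5_data_free(&res)` while it still holds the freshly decrypted key bytes. The code just below wipes the old `keyvalue` with `memset` before `free`, so unless `krb5_data_free` clears the buffer itself (not visible here), these two paths leave plaintext key material in freed heap memory. I would add `memset(res.data, 0, res.length);` before each `krb5_data_free(&res);`. Separately, after `k->key.keyvalue.length = keysize;` any later wipe sized by that length skips the trailing bytes of the allocation, and any amount of excess over `keysize` is accepted silently; a comment such as `/* res.data may be longer than keysize; the tail is cipher padding and is not wiped by length-based zeroing */` would record that. The function body begins and ends outside this hunk.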