oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Check return values from alloc functions. Prompted by patch of Charles Longeau.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21737 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2007-07-31 15:49:35 +00:00
parent 9f15cdccf2
commit 777869d68e
1 changed files with 44 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
lib/krb5/crypto.c
View File

@@ -425,6 +425,7 @@ DES3_string_to_key(krb5_context context,
size_t len; size_t len;
unsigned char tmp[24]; unsigned char tmp[24];
DES_cblock keys[3]; DES_cblock keys[3];
krb5_error_code ret;
len = password.length + salt.saltvalue.length; len = password.length + salt.saltvalue.length;
str = malloc(len); str = malloc(len);
@@ -439,7 +440,13 @@ DES3_string_to_key(krb5_context context,
DES_key_schedule s[3]; DES_key_schedule s[3];
int i; int i;
_krb5_n_fold(str, len, tmp, 24); ret = _krb5_n_fold(str, len, tmp, 24);
if (ret) {
memset(str, 0, len);
free(str);
krb5_set_error_string(context, "out of memory");
return ret;
}
for(i = 0; i < 3; i++){ for(i = 0; i < 3; i++){
memcpy(keys + i, tmp + i * 8, sizeof(keys[i])); memcpy(keys + i, tmp + i * 8, sizeof(keys[i]));
@@ -557,12 +564,14 @@ ARCFOUR_string_to_key(krb5_context context,
size_t len; size_t len;
int i; int i;
MD4_CTX m; MD4_CTX m;
krb5_error_code ret;
len = 2 * password.length; len = 2 * password.length;
s = malloc (len); s = malloc (len);
if (len != 0 && s == NULL) { if (len != 0 && s == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; ret = ENOMEM;
goto out;
} }
for (p = s, i = 0; i < password.length; ++i) { for (p = s, i = 0; i < password.length; ++i) {
*p++ = ((char *)password.data)[i]; *p++ = ((char *)password.data)[i];
@@ -571,11 +580,17 @@ ARCFOUR_string_to_key(krb5_context context,
MD4_Init (&m); MD4_Init (&m);
MD4_Update (&m, s, len); MD4_Update (&m, s, len);
key->keytype = enctype; key->keytype = enctype;
krb5_data_alloc (&key->keyvalue, 16); ret = krb5_data_alloc (&key->keyvalue, 16);
if (ret) {
krb5_set_error_string(context, "malloc: out of memory");
goto out;
}
MD4_Final (key->keyvalue.data, &m); MD4_Final (key->keyvalue.data, &m);
memset (s, 0, len); memset (s, 0, len);
ret = 0;
out:
free (s); free (s);
return 0; return ret;
} }
/* /*
@@ -1829,7 +1844,9 @@ create_checksum (krb5_context context,
} else } else
dkey = NULL; dkey = NULL;
result->cksumtype = ct->type; result->cksumtype = ct->type;
krb5_data_alloc(&result->checksum, ct->checksumsize); ret = krb5_data_alloc(&result->checksum, ct->checksumsize);
if (ret)
return (ret);
(*ct->checksum)(context, dkey, data, len, usage, result); (*ct->checksum)(context, dkey, data, len, usage, result);
return 0; return 0;
} }
@@ -3525,15 +3542,19 @@ derive_key(krb5_context context,
ret = _key_schedule(context, key); ret = _key_schedule(context, key);
if(ret) if(ret)
return ret; return ret;
if(et->blocksize * 8 < kt->bits || if(et->blocksize * 8 < kt->bits || len != et->blocksize) {
len != et->blocksize) {
nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8); nblocks = (kt->bits + et->blocksize * 8 - 1) / (et->blocksize * 8);
k = malloc(nblocks * et->blocksize); k = malloc(nblocks * et->blocksize);
if(k == NULL) { if(k == NULL) {
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
_krb5_n_fold(constant, len, k, et->blocksize); ret = _krb5_n_fold(constant, len, k, et->blocksize);
if (ret) {
free(k);
krb5_set_error_string(context, "out of memory");
return ret;
}
for(i = 0; i < nblocks; i++) { for(i = 0; i < nblocks; i++) {
if(i > 0) if(i > 0)
memcpy(k + i * et->blocksize, memcpy(k + i * et->blocksize,
@@ -3559,7 +3580,12 @@ derive_key(krb5_context context,
krb5_set_error_string(context, "malloc: out of memory"); krb5_set_error_string(context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
_krb5_n_fold(c, len, k, res_len); ret = _krb5_n_fold(c, len, k, res_len);
if (ret) {
free(k);
krb5_set_error_string(context, "out of memory");
return ret;
}
free(c); free(c);
} }
@@ -3821,7 +3847,12 @@ krb5_string_to_key_derived(krb5_context context,
krb5_set_error_string (context, "malloc: out of memory"); krb5_set_error_string (context, "malloc: out of memory");
return ENOMEM; return ENOMEM;
} }
_krb5_n_fold(str, len, tmp, keylen); ret = _krb5_n_fold(str, len, tmp, keylen);
if (ret) {
free(tmp);
krb5_set_error_string(context, "out of memory");
return ret;
}
kd.schedule = NULL; kd.schedule = NULL;
DES3_postproc (context, tmp, keylen, &kd); /* XXX */ DES3_postproc (context, tmp, keylen, &kd); /* XXX */
memset(tmp, 0, keylen); memset(tmp, 0, keylen);
@@ -4122,7 +4153,7 @@ main()
d = _new_derived_key(crypto, usage); d = _new_derived_key(crypto, usage);
if(d == NULL) if(d == NULL)
return ENOMEM; krb5_errx(context, 1, "_new_derived_key failed");
krb5_copy_keyblock(context, crypto->key.key, &d->key); krb5_copy_keyblock(context, crypto->key.key, &d->key);
_krb5_put_int(constant, usage, 4); _krb5_put_int(constant, usage, 4);
derive_key(context, crypto->et, d, constant, sizeof(constant)); derive_key(context, crypto->et, d, constant, sizeof(constant));
@@ -4148,11 +4179,10 @@ main()
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; */ "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; */
key.keyvalue.length = 4; key.keyvalue.length = 4;
d = calloc(1, sizeof(*d)); d = ecalloc(1, sizeof(*d));
d->key = &key; d->key = &key;
res.checksum.length = 20; res.checksum.length = 20;
res.checksum.data = malloc(res.checksum.length); res.checksum.data = emalloc(res.checksum.length);
SP_HMAC_SHA1_checksum(context, d, data, 28, &res); SP_HMAC_SHA1_checksum(context, d, data, 28, &res);
return 0; return 0;