kadmin: add_enctype check for bogus keys

If kadmind returns bogus keys, it means that the user lacks the
get-keys permission. Generate a warning and exit.

Also use calloc() to allocate the new_key_data.

Change-Id: I21b697e2ff5adf753b1cfe698877b3f593bbea9e
Nicolas Williams
2015-03-12 21:42:48 -04:00
committed by Jeffrey Altman
parent edb6c1b075
commit 7ab1e01d75


@@ -82,13 +82,19 @@ add_enctype(struct add_enctype_options*opt, int argc, char **argv)
ret = kadm5_get_principal(kadm_handle, princ_ent, &princ, ret = kadm5_get_principal(kadm_handle, princ_ent, &princ,
KADM5_KVNO | KADM5_PRINCIPAL | KADM5_KEY_DATA); KADM5_KVNO | KADM5_PRINCIPAL | KADM5_KEY_DATA);
if (ret) { if (ret) {
krb5_free_principal (context, princ_ent); krb5_free_principal(context, princ_ent);
krb5_warnx (context, "no such principal: %s", princ_name); krb5_warnx(context, "no such principal: %s", princ_name);
goto out2; goto out2;
} }
new_key_data = malloc((princ.n_key_data + n_etypes) /* Check that we got key data */
* sizeof(*new_key_data)); if (kadm5_all_keys_are_bogus(princ.n_key_data, princ.key_data)) {
krb5_warnx(context, "user lacks get-keys privilege");
goto out;
}
new_key_data = calloc(princ.n_key_data + n_etypes,
sizeof(*new_key_data));
if (new_key_data == NULL) { if (new_key_data == NULL) {
krb5_warnx (context, "out of memory"); krb5_warnx (context, "out of memory");
goto out; goto out;
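Review bot: The new bogus-keys branch jumps to `out` without setting `ret`, which is still 0 at that point because the preceding `if (ret)` check on kadm5_get_principal() did not fire. If the code after the `out` label derives the command's result from `ret` (the label and the return are outside this hunk, so this needs confirming), add_enctype would print the warning yet report success, and a script driving kadmin could not tell that no enctype was added. Setting an error before the jump, for example `ret = KADM5_AUTH_GET_KEYS;` if that code is available in this tree, would make the failure visible to callers. The out-of-memory branch just below appears to have the same gap and could set `ret = ENOMEM;` before its `goto out;`.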