oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kadmin: add_enctype check for bogus keys

Browse Source 
If kadmind returned bogus keys it means that the user lacks the
get-keys permission.   Generate a warning and exit.

Also use calloc() to allocate the new_key_data.

Change-Id: I21b697e2ff5adf753b1cfe698877b3f593bbea9e
This commit is contained in:
Nicolas Williams
2015-03-12 21:42:48 -04:00
committed by Jeffrey Altman
parent edb6c1b075
commit 7ab1e01d75
1 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
kadmin/add_enctype.c
View File

@@ -87,8 +87,14 @@ add_enctype(struct add_enctype_options*opt, int argc, char **argv)
goto out2;
}
new_key_data = malloc((princ.n_key_data + n_etypes)
* sizeof(*new_key_data));
/* Check that we got key data */
if (kadm5_all_keys_are_bogus(princ.n_key_data, princ.key_data)) {
krb5_warnx(context, "user lacks get-keys privilege");
goto out;
}
new_key_data = calloc(princ.n_key_data + n_etypes,
sizeof(*new_key_data));
if (new_key_data == NULL) {
krb5_warnx (context, "out of memory");
goto out;