From 7d459095377eff93b0e0bc1a96e1a4e9ecd817a1 Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Wed, 30 Oct 2013 14:26:15 -0500 Subject: [PATCH] Fix krb5's gss_pseudo_random() (n is big-endian) The first enctype RFC3961 prf output length's bytes are correct because the little- and big-endian representations of unsigned zero are the same. The second block of output was wrong because the counter was not being encoded as big-endian. This change could break applications. But those applications would not have been interoperating with other implementations anyways (in particular: MIT's). --- lib/gssapi/krb5/prf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/gssapi/krb5/prf.c b/lib/gssapi/krb5/prf.c index 162a30970..671ab2c6d 100644 --- a/lib/gssapi/krb5/prf.c +++ b/lib/gssapi/krb5/prf.c @@ -119,7 +119,7 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status, while(dol > 0) { size_t tsize; - _gsskrb5_encode_om_uint32(num, input.data); + _gsskrb5_encode_be_om_uint32(num, input.data); ret = krb5_crypto_prf(context, crypto, &input, &output); if (ret) { @@ -133,7 +133,7 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status, tsize = min(dol, output.length); memcpy(p, output.data, tsize); - p += output.length; + p += tsize; dol -= tsize; krb5_data_free(&output); num++;