lib/krb5: Harden ARCFOUR_sub{en,de}crypt()

Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from Samba commit c15464f886f9734982123d38594073601d49f151)
2016-11-18 18:02:30 +00:00
parent 6fa09c001f
commit 85b9992d9a
1 changed files with 8 additions and 0 deletions
--- a/lib/krb5/crypto-arcfour.c
+++ b/lib/krb5/crypto-arcfour.c
@@ -137,6 +137,10 @@ ARCFOUR_subencrypt(krb5_context context,
    unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16];
    krb5_error_code ret;

+    if (len < 16) {
+	    return KRB5KRB_AP_ERR_INAPP_CKSUM;
+    }
+
    t[0] = (usage >>  0) & 0xFF;
    t[1] = (usage >>  8) & 0xFF;
    t[2] = (usage >> 16) & 0xFF;
@@ -205,6 +209,10 @@ ARCFOUR_subdecrypt(krb5_context context,
    unsigned char cksum_data[16];
    krb5_error_code ret;

+    if (len < 16) {
+	    return KRB5KRB_AP_ERR_INAPP_CKSUM;
+    }
+
    t[0] = (usage >>  0) & 0xFF;
    t[1] = (usage >>  8) & 0xFF;
    t[2] = (usage >> 16) & 0xFF;