From 9f6baf00f6b7c6f4bb6a231cf1753234b9f6148d Mon Sep 17 00:00:00 2001 From: Mikhail T Date: Sat, 18 Jun 2016 17:35:16 -0400 Subject: [PATCH] lib/krb5: Implement krb5_c_random_make_octets correctly The function, found in lib/krb5/mit_glue.c, is currently using krb5_generate_random_keyblock(). This compiles because warning-level is not high enough, but does not work. At runtime the krb5_generate_random_keyblock() interprets the second argument as the krb5_enctype (rather than a length of anything) and tries to verify it. When the length does not match any known enctype, as usually happens, the function fails and returns an error. If the length happened to correspond to an enctype, the function would likely crash due to misinterpreting its third argument as a valid krb5_keyblock. The change uses krb5_generate_random_block() instead. This function does not return anything -- upon detecting failure it will cause the entire application to exist instead... Change-Id: I865a360037a513ce91abc7abba1dc554f844b464 --- lib/krb5/mit_glue.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/krb5/mit_glue.c b/lib/krb5/mit_glue.c index 2c011c428..deee242c1 100644 --- a/lib/krb5/mit_glue.c +++ b/lib/krb5/mit_glue.c @@ -378,7 +378,8 @@ krb5_c_prf(krb5_context context, KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL krb5_c_random_make_octets(krb5_context context, krb5_data * data) { - return krb5_generate_random_keyblock(context, data->length, data->data); + krb5_generate_random_block(data->data, data->length); + return 0; } /**