lib/krb5: Implement krb5_c_random_make_octets correctly
The function, found in lib/krb5/mit_glue.c, is currently using krb5_generate_random_keyblock(). This compiles because warning-level is not high enough, but does not work. At runtime the krb5_generate_random_keyblock() interprets the second argument as the krb5_enctype (rather than a length of anything) and tries to verify it. When the length does not match any known enctype, as usually happens, the function fails and returns an error. If the length happened to correspond to an enctype, the function would likely crash due to misinterpreting its third argument as a valid krb5_keyblock. The change uses krb5_generate_random_block() instead. This function does not return anything -- upon detecting failure it will cause the entire application to exist instead... Change-Id: I865a360037a513ce91abc7abba1dc554f844b464
This commit is contained in:
Mikhail T
committed by
Jeffrey Altman
Jeffrey Altman
parent
b7cf5e7caf
commit
9f6baf00f6
@@ -378,7 +378,8 @@ krb5_c_prf(krb5_context context,
|
|||||||
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
|
||||||
krb5_c_random_make_octets(krb5_context context, krb5_data * data)
|
krb5_c_random_make_octets(krb5_context context, krb5_data * data)
|
||||||
{
|
{
|
||||||
return krb5_generate_random_keyblock(context, data->length, data->data);
|
krb5_generate_random_block(data->data, data->length);
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
Reference in New Issue
Block a user