diff --git a/kdc/524.c b/kdc/524.c index a09bf2498..eb3e3b44d 100644 --- a/kdc/524.c +++ b/kdc/524.c @@ -74,7 +74,12 @@ do_524(Ticket *t, krb5_data *reply, const char *from, struct sockaddr *addr) "when converting ticket from ", spn, from); goto out; } - krb5_crypto_init(context, &skey->key, 0, &crypto); + ret = krb5_crypto_init(context, &skey->key, 0, &crypto); + if (ret) { + kdc_log(0, "krb5_crypto_init failed: %s", + krb5_get_err_text(context, ret)); + goto out; + } ret = krb5_decrypt_EncryptedData (context, crypto, KRB5_KU_TICKET, diff --git a/kdc/kerberos5.c b/kdc/kerberos5.c index 6e79e74c7..66af8831c 100644 --- a/kdc/kerberos5.c +++ b/kdc/kerberos5.c @@ -173,7 +173,12 @@ encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek, } - krb5_crypto_init(context, skey, etype, &crypto); + ret = krb5_crypto_init(context, skey, etype, &crypto); + if (ret) { + kdc_log(0, "krb5_crypto_init failed: %s", + krb5_get_err_text(context, ret)); + return ret; + } krb5_encrypt_EncryptedData(context, crypto, @@ -196,7 +201,12 @@ encode_reply(KDC_REP *rep, EncTicketPart *et, EncKDCRepPart *ek, krb5_get_err_text(context, ret)); return ret; } - krb5_crypto_init(context, ckey, 0, &crypto); + ret = krb5_crypto_init(context, ckey, 0, &crypto); + if (ret) { + kdc_log(0, "krb5_crypto_init failed: %s", + krb5_get_err_text(context, ret)); + return ret; + } if(rep->msg_type == krb_as_rep) { krb5_encrypt_EncryptedData(context, crypto, @@ -528,7 +538,14 @@ as_rep(KDC_REQ *req, continue; } - krb5_crypto_init(context, &pa_key->key, 0, &crypto); + ret = krb5_crypto_init(context, &pa_key->key, 0, &crypto); + if (ret) { + kdc_log(0, "krb5_crypto_init failed: %s", + krb5_get_err_text(context, ret)); + free_EncryptedData(&enc_data); + continue; + } + ret = krb5_decrypt_EncryptedData (context, crypto, KRB5_KU_PA_ENC_TIMESTAMP, @@ -1245,7 +1262,12 @@ tgs_check_authenticator(krb5_auth_context ac, krb5_get_err_text(context, ret)); goto out; } - krb5_crypto_init(context, key, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) { + kdc_log(0, "krb5_crypto_init failed: %s", + krb5_get_err_text(context, ret)); + goto out; + } ret = krb5_verify_checksum(context, crypto, KRB5_KU_TGS_REQ_AUTH_CKSUM, @@ -1415,7 +1437,12 @@ tgs_rep2(KDC_REQ_BODY *b, ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; /* ? */ goto out2; } - krb5_crypto_init(context, subkey, 0, &crypto); + ret = krb5_crypto_init(context, subkey, 0, &crypto); + if (ret) { + kdc_log(0, "krb5_crypto_init failed: %s", + krb5_get_err_text(context, ret)); + goto out2; + } ret = krb5_decrypt_EncryptedData (context, crypto, KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY, diff --git a/kuser/kdecode_ticket.c b/kuser/kdecode_ticket.c index 2e63b1257..f0c91c867 100644 --- a/kuser/kdecode_ticket.c +++ b/kuser/kdecode_ticket.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997 - 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -61,7 +61,9 @@ print_and_decode_tkt (krb5_context context, if (ret) krb5_err (context, 1, ret, "krb5_string_to_key"); - krb5_crypto_init(context, &key, 0, &crypto); + ret = krb5_crypto_init(context, &key, 0, &crypto); + if (ret) + krb5_err (context, 1, ret, "krb5_crypto_init"); ret = krb5_decrypt_EncryptedData (context, crypto, KRB5_KU_TICKET, &tkt.enc_part, &dec_data); diff --git a/lib/krb5/build_auth.c b/lib/krb5/build_auth.c index f54521920..79dc20e9c 100644 --- a/lib/krb5/build_auth.c +++ b/lib/krb5/build_auth.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -126,6 +126,8 @@ krb5_build_authenticator (krb5_context context, } while(ret == ASN1_OVERFLOW); ret = krb5_crypto_init(context, &cred->session, enctype, &crypto); + if (ret) + goto fail; ret = krb5_encrypt (context, crypto, KRB5_KU_AP_REQ_AUTH, diff --git a/lib/krb5/get_cred.c b/lib/krb5/get_cred.c index 1fa9c89ff..5214e4a9a 100644 --- a/lib/krb5/get_cred.c +++ b/lib/krb5/get_cred.c @@ -325,7 +325,9 @@ decrypt_tkt_with_subkey (krb5_context context, size_t size; krb5_crypto crypto; - krb5_crypto_init(context, key, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + return ret; ret = krb5_decrypt_EncryptedData (context, crypto, usage, @@ -334,7 +336,9 @@ decrypt_tkt_with_subkey (krb5_context context, krb5_crypto_destroy(context, crypto); if(ret && subkey){ /* DCE compat -- try to decrypt with subkey */ - krb5_crypto_init(context, (krb5_keyblock*)subkey, 0, &crypto); + ret = krb5_crypto_init(context, (krb5_keyblock*)subkey, 0, &crypto); + if (ret) + return ret; ret = krb5_decrypt_EncryptedData (context, crypto, KRB5_KU_TGS_REP_ENC_PART_SUB_KEY, diff --git a/lib/krb5/get_in_tkt.c b/lib/krb5/get_in_tkt.c index 5d394ea5f..b91cd605f 100644 --- a/lib/krb5/get_in_tkt.c +++ b/lib/krb5/get_in_tkt.c @@ -85,7 +85,9 @@ decrypt_tkt (krb5_context context, size_t size; krb5_crypto crypto; - krb5_crypto_init(context, key, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + return ret; ret = krb5_decrypt_EncryptedData (context, crypto, @@ -321,7 +323,9 @@ make_pa_enc_timestamp(krb5_context context, PA_DATA *pa, if (ret) return ret; - krb5_crypto_init(context, key, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + return ret; ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_PA_ENC_TIMESTAMP, diff --git a/lib/krb5/mk_priv.c b/lib/krb5/mk_priv.c index d1351b606..77f7f7e6c 100644 --- a/lib/krb5/mk_priv.c +++ b/lib/krb5/mk_priv.c @@ -117,7 +117,11 @@ krb5_mk_priv(krb5_context context, s.enc_part.etype = key->keytype; s.enc_part.kvno = NULL; - krb5_crypto_init(context, key, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) { + free (buf); + return ret; + } ret = krb5_encrypt (context, crypto, KRB5_KU_KRB_PRIV, diff --git a/lib/krb5/mk_rep.c b/lib/krb5/mk_rep.c index f65098dda..9d04ca233 100644 --- a/lib/krb5/mk_rep.c +++ b/lib/krb5/mk_rep.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997-1999 Kungliga Tekniska Högskolan + * Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -84,8 +84,12 @@ krb5_mk_rep(krb5_context context, &len); free_EncAPRepPart (&body); - krb5_crypto_init(context, (*auth_context)->keyblock, - 0 /* ap.enc_part.etype */, &crypto); + ret = krb5_crypto_init(context, (*auth_context)->keyblock, + 0 /* ap.enc_part.etype */, &crypto); + if (ret) { + free (buf); + return ret; + } ret = krb5_encrypt (context, crypto, KRB5_KU_AP_REQ_ENC_PART, diff --git a/lib/krb5/mk_req_ext.c b/lib/krb5/mk_req_ext.c index a3adf65bb..418102fa2 100644 --- a/lib/krb5/mk_req_ext.c +++ b/lib/krb5/mk_req_ext.c @@ -104,7 +104,10 @@ krb5_mk_req_internal(krb5_context context, &c); } else { krb5_crypto crypto; - krb5_crypto_init(context, ac->keyblock, 0, &crypto); + + ret = krb5_crypto_init(context, ac->keyblock, 0, &crypto); + if (ret) + return ret; ret = krb5_create_checksum(context, crypto, usage, diff --git a/lib/krb5/mk_safe.c b/lib/krb5/mk_safe.c index 1ba7b279a..1667aced8 100644 --- a/lib/krb5/mk_safe.c +++ b/lib/krb5/mk_safe.c @@ -76,13 +76,20 @@ krb5_mk_safe(krb5_context context, s.cksum.checksum.data = NULL; s.cksum.checksum.length = 0; - buf_size = length_KRB_SAFE(&s); buf = malloc(buf_size + 128); /* add some for checksum */ if(buf == NULL) return ENOMEM; ret = encode_KRB_SAFE (buf + buf_size - 1, buf_size, &s, &len); + if (ret) { + free (buf); + return ret; + } ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); + if (ret) { + free (buf); + return ret; + } ret = krb5_create_checksum(context, crypto, KRB5_KU_KRB_SAFE_CKSUM, diff --git a/lib/krb5/rd_cred.c b/lib/krb5/rd_cred.c index 9e04042e1..cd13d0c00 100644 --- a/lib/krb5/rd_cred.c +++ b/lib/krb5/rd_cred.c @@ -70,10 +70,15 @@ krb5_rd_cred (krb5_context context, enc_krb_cred_part_data.data = cred.enc_part.cipher.data; } else { if (auth_context->remote_subkey) - krb5_crypto_init(context, auth_context->remote_subkey, 0, &crypto); + ret = krb5_crypto_init(context, auth_context->remote_subkey, + 0, &crypto); else - krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); + ret = krb5_crypto_init(context, auth_context->keyblock, + 0, &crypto); /* DK: MIT rsh */ + + if (ret) + goto out; ret = krb5_decrypt_EncryptedData(context, crypto, diff --git a/lib/krb5/rd_priv.c b/lib/krb5/rd_priv.c index ff30afcfa..c6c31de69 100644 --- a/lib/krb5/rd_priv.c +++ b/lib/krb5/rd_priv.c @@ -72,7 +72,9 @@ krb5_rd_priv(krb5_context context, else key = auth_context->keyblock; - krb5_crypto_init(context, key, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + goto failure; ret = krb5_decrypt_EncryptedData(context, crypto, KRB5_KU_KRB_PRIV, diff --git a/lib/krb5/rd_rep.c b/lib/krb5/rd_rep.c index 79a4ced73..e9df3a14c 100644 --- a/lib/krb5/rd_rep.c +++ b/lib/krb5/rd_rep.c @@ -62,7 +62,9 @@ krb5_rd_rep(krb5_context context, goto out; } - krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); + ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); + if (ret) + goto out; ret = krb5_decrypt_EncryptedData (context, crypto, KRB5_KU_AP_REQ_ENC_PART, diff --git a/lib/krb5/rd_req.c b/lib/krb5/rd_req.c index 7cf24f303..aeb12b682 100644 --- a/lib/krb5/rd_req.c +++ b/lib/krb5/rd_req.c @@ -46,7 +46,9 @@ decrypt_tkt_enc_part (krb5_context context, size_t len; krb5_crypto crypto; - krb5_crypto_init(context, key, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + return ret; ret = krb5_decrypt_EncryptedData (context, crypto, KRB5_KU_TICKET, @@ -73,7 +75,9 @@ decrypt_authenticator (krb5_context context, size_t len; krb5_crypto crypto; - krb5_crypto_init(context, key, 0, &crypto); + ret = krb5_crypto_init(context, key, 0, &crypto); + if (ret) + return ret; ret = krb5_decrypt_EncryptedData (context, crypto, KRB5_KU_AP_REQ_AUTH, diff --git a/lib/krb5/rd_safe.c b/lib/krb5/rd_safe.c index c5c005b18..cdbb6f1bf 100644 --- a/lib/krb5/rd_safe.c +++ b/lib/krb5/rd_safe.c @@ -65,7 +65,9 @@ verify_checksum(krb5_context context, buf_size, safe, &len); - krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); + ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); + if (ret) + goto out; ret = krb5_verify_checksum (context, crypto, KRB5_KU_KRB_SAFE_CKSUM,