From b0a87c1750690bbc09dcc00f399436ff4d1ee1ab Mon Sep 17 00:00:00 2001 From: "Jacques A. Vidrine" Date: Wed, 31 Oct 2001 13:37:39 +0000 Subject: [PATCH] Correct a heap buffer overrun. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10781 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/gssapi/ChangeLog | 6 ++++++ lib/gssapi/get_mic.c | 4 ---- lib/gssapi/krb5/ChangeLog | 6 ++++++ lib/gssapi/krb5/get_mic.c | 4 ---- 4 files changed, 12 insertions(+), 8 deletions(-) diff --git a/lib/gssapi/ChangeLog b/lib/gssapi/ChangeLog index c1735acb7..85e864c09 100644 --- a/lib/gssapi/ChangeLog +++ b/lib/gssapi/ChangeLog @@ -1,3 +1,9 @@ +2001-10-31 Jacques Vidrine + + * get_mic.c (mic_des3): MIC computation using DES3/SHA1 + was bogusly appending the message buffer to the result, + overwriting a heap buffer in the process. + 2001-08-29 Assar Westerlund * 8003.c (gssapi_krb5_verify_8003_checksum, diff --git a/lib/gssapi/get_mic.c b/lib/gssapi/get_mic.c index 33b8b81aa..8f138cf04 100644 --- a/lib/gssapi/get_mic.c +++ b/lib/gssapi/get_mic.c @@ -236,10 +236,6 @@ mic_des3 memcpy (p, encdata.data, encdata.length); krb5_data_free (&encdata); - p += 8 + cksum.checksum.length; - - memcpy (p, message_buffer->value, message_buffer->length); - krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, context_handle->auth_context, ++seq_number); diff --git a/lib/gssapi/krb5/ChangeLog b/lib/gssapi/krb5/ChangeLog index c1735acb7..85e864c09 100644 --- a/lib/gssapi/krb5/ChangeLog +++ b/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,9 @@ +2001-10-31 Jacques Vidrine + + * get_mic.c (mic_des3): MIC computation using DES3/SHA1 + was bogusly appending the message buffer to the result, + overwriting a heap buffer in the process. + 2001-08-29 Assar Westerlund * 8003.c (gssapi_krb5_verify_8003_checksum, diff --git a/lib/gssapi/krb5/get_mic.c b/lib/gssapi/krb5/get_mic.c index 33b8b81aa..8f138cf04 100644 --- a/lib/gssapi/krb5/get_mic.c +++ b/lib/gssapi/krb5/get_mic.c @@ -236,10 +236,6 @@ mic_des3 memcpy (p, encdata.data, encdata.length); krb5_data_free (&encdata); - p += 8 + cksum.checksum.length; - - memcpy (p, message_buffer->value, message_buffer->length); - krb5_auth_con_setlocalseqnumber (gssapi_krb5_context, context_handle->auth_context, ++seq_number);