From ca1200df0392fa7fa6bbcb8a2617e7651b8b6afe Mon Sep 17 00:00:00 2001
From: Taylor R Campbell
Date: Sun, 28 May 2023 20:08:15 +0000
Subject: [PATCH] krb5_decrypt_iov_ivec: Make sure const zero IV is actually const.

This way if anything _does_ write to it, it has the opportunity to be caught by SIGSEGV, by having zero_ivec in a .rodata segment mapped read-only.
fix https://github.com/heimdal/heimdal/issues/1135
---
 lib/krb5/crypto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c
index 699d227d6..933c689d2 100644
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -1922,13 +1922,13 @@ krb5_decrypt_iov_ivec(krb5_context context,
 goto cleanup;
 } else {
 krb5_data ivec_data;
- static unsigned char zero_ivec[EVP_MAX_IV_LENGTH];
+ static const unsigned char zero_ivec[EVP_MAX_IV_LENGTH];
 heim_assert(et->blocksize <= sizeof(zero_ivec), "blocksize too big for ivec buffer");
 ivec_data.length = et->blocksize;
- ivec_data.data = ivec ? ivec : zero_ivec;
+ ivec_data.data = ivec ? ivec : rk_UNCONST(zero_ivec);
 ret = iov_coalesce(context, &ivec_data, data, num_data, TRUE, &sign_data);
 if(ret)
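Review bot: The `rk_UNCONST(zero_ivec)` cast on the `ivec_data.data` line strips the const qualifier again, so the compiler still cannot flag a write through `ivec_data`. The protection is run-time only and depends on the platform mapping `.rodata` read-only; a write to a const object is undefined behaviour, not a guaranteed SIGSEGV. A short comment at the cast would record the contract, e.g. `/* zero_ivec is shared and read-only: iov_coalesce() must only read ivec_data */`. Whether iov_coalesce() really only reads that buffer cannot be confirmed from this hunk, and any other call site that falls back to a static zero IV would presumably want the same change. The enclosing function krb5_decrypt_iov_ivec starts and ends outside the hunk.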