oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Fix for enctype 0 / length 0 keys in MIT HDB backend was incomplete

Browse Source
This commit is contained in:
Nicolas Williams
2011-10-05 17:50:26 -05:00
parent 3d6f86af27
commit e15cabe10a
1 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
lib/hdb/hdb-mitdb.c
View File

@@ -228,10 +228,6 @@ mdb_keyvalue2key(krb5_context context, hdb_entry *entry, krb5_storage *sp, uint1
if (i == 0) { if (i == 0) {
/* This "version" means we have a key */ /* This "version" means we have a key */
k->key.keytype = type; k->key.keytype = type;
if (u16 < 2) {
ret = EINVAL;
goto out;
}
/* /*
* MIT stores keys encrypted keys as {16-bit length * MIT stores keys encrypted keys as {16-bit length
* of plaintext key, {encrypted key}}. The reason * of plaintext key, {encrypted key}}. The reason
@@ -242,10 +238,16 @@ mdb_keyvalue2key(krb5_context context, hdb_entry *entry, krb5_storage *sp, uint1
* 16-bit length-of-plaintext-key field. * 16-bit length-of-plaintext-key field.
*/ */
krb5_storage_seek(sp, 2, SEEK_CUR); /* skip real length */ krb5_storage_seek(sp, 2, SEEK_CUR); /* skip real length */
k->key.keyvalue.length = u16 - 2; /* adjust cipher len */ if (u16 >= 2) {
k->key.keyvalue.data = malloc(k->key.keyvalue.length); k->key.keyvalue.length = u16 - 2; /* adjust cipher len */
krb5_storage_read(sp, k->key.keyvalue.data, k->key.keyvalue.data = malloc(k->key.keyvalue.length);
k->key.keyvalue.length); krb5_storage_read(sp, k->key.keyvalue.data,
k->key.keyvalue.length);
} else {
/* We'll ignore this key; see our caller */
k->key.keyvalue.length = 0;
krb5_storage_seek(sp, u16, SEEK_CUR);
}
} else if (i == 1) { } else if (i == 1) {
/* This "version" means we have a salt */ /* This "version" means we have a salt */
k->salt = calloc(1, sizeof(*k->salt)); k->salt = calloc(1, sizeof(*k->salt));