author | Alexandra Ellwood <lxs@mit.edu> | 2008-08-13 19:49:50 +0000 |
---|---|---|
committer | Alexandra Ellwood <lxs@mit.edu> | 2008-08-13 19:49:50 +0000 |
commit | 8bf03064e30cc9d01a3c2177e8cd13a65b248a6c (patch) | |
tree | 6a586ea7dab028d127d35d1199ca5124f9cbb0e1 | |
parent | fa17450ee30a79fef6b0f5dbba0b25eb3c0438d2 (diff) | |
Use a valid UTF8 password for randkey password
KfM RC4 string to key function expects password to be valid UTF8
ticket: new
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20650 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/kadmin/cli/kadmin.c | 14 | ||||
-rw-r--r-- | src/lib/crypto/arcfour/arcfour_s2k.c | 8 |
2 files changed, 14 insertions, 8 deletions
diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c
index 02394e7f02..897787255e 100644
--- a/src/kadmin/cli/kadmin.c
+++ b/src/kadmin/cli/kadmin.c
@@ -1170,16 +1170,20 @@ void kadmin_addprinc(argc, argv)
 krb5_key_salt_tuple *ks_tuple;
 char *pass, *canon;
 krb5_error_code retval;
- static char newpw[1024], dummybuf[256];
+ char newpw[1024], dummybuf[256];
 static char prompt1[1024], prompt2[1024];
 #if APPLE_PKINIT
 char *cert_hash = NULL;
 #endif /* APPLE_PKINIT */
- if (dummybuf[0] == 0) {
- for (i = 0; i < 256; i++)
- dummybuf[i] = (i+1) % 256;
- }
+ /*
+ dummybuf is used to give random key a password,
+ random key entires are created with DISALLOW_ALL_TIX
+ so lets give them a known password utf8 valid pasword
+ */
+ for (i = 0; i < sizeof(dummybuf) - 1; i++)
+ dummybuf[i] = 'a' + (random() % 25);
+ dummybuf[sizeof(dummybuf) - 1] = '\0';
 /* Zero all fields in request structure */
 memset(&princ, 0, sizeof(princ));
diff --git a/src/lib/crypto/arcfour/arcfour_s2k.c b/src/lib/crypto/arcfour/arcfour_s2k.c
index 69872fc224..75bdd2a09d 100644
--- a/src/lib/crypto/arcfour/arcfour_s2k.c
+++ b/src/lib/crypto/arcfour/arcfour_s2k.c
@@ -55,7 +55,7 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc,
 const krb5_data *params, krb5_keyblock *key)
 {
 krb5_error_code err = 0;
- size_t len,slen;
+ size_t len;
 unsigned char *copystr;
 krb5_MD4_CTX md4_context;
@@ -71,8 +71,10 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc,
 Since the password must be stored in unicode, we need to increase that number by 2x.
 */
- slen = ((string->length)>128)?128:string->length;
- len=(slen)*2;
+ if (string->length > (SIZE_MAX/2))
+ return (KRB5_BAD_MSIZE);
+
+ len= string->length * 2;
 copystr = malloc(len);
 if (copystr == NULL) |
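Review bot: `random()` in the new fill loop of kadmin_addprinc is not a cryptographic generator and nothing in this hunk seeds it, so `dummybuf` has to be treated as a predictable placeholder rather than a secret; the added comment only hints at this with "known password". The change is therefore safe only while the principal is created with DISALLOW_ALL_TIX and its key is randomized before that flag is cleared, and both steps lie outside the hunk. I would say so in the comment, e.g. `/* dummybuf is a placeholder, not a secret: the entry stays DISALLOW_ALL_TIX until its key has been randomized */`, and fix the typos "entires" and "pasword" while there. Separately, `random() % 25` never produces 'z', so use `% 26` if the full lowercase alphabet was intended. `i` is declared outside the hunk; if it is an `int`, the comparison with `sizeof(dummybuf) - 1` mixes signed and unsigned operands.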
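Review bot: In the second arcfour_s2k.c hunk, `len` is 0 for an empty password and `malloc(0)` may return NULL, so the `if (copystr == NULL)` check that follows (its body is outside the hunk) can report an allocation failure for valid input on some platforms. This predates the commit, but the rewrite of the length computation is the natural place to fix it, for instance `copystr = malloc(len ? len : 1);`. With the 128-character cap gone, the allocation is sized directly from the caller-supplied `string->length`, and the comment above the change (only its tail is visible here) should say that the overflow check is now the only bound. `SIZE_MAX` comes from `<stdint.h>` and no include is added in the visible hunks, so confirm it is already in scope for this file.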