Use a valid UTF8 password for randkey password

KfM RC4 string to key function expects password to be valid UTF8

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20650 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 5 insertions, 3 deletions

diff --git a/src/lib/crypto/arcfour/arcfour_s2k.c b/src/lib/crypto/arcfour/arcfour_s2k.c
index 69872fc224..75bdd2a09d 100644
--- a/src/lib/crypto/arcfour/arcfour_s2k.c
+++ b/src/lib/crypto/arcfour/arcfour_s2k.c
@@ -55,7 +55,7 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc,
 			      const krb5_data *params, krb5_keyblock *key)
 {
   krb5_error_code err = 0;
-  size_t len,slen;
+  size_t len;
   unsigned char *copystr;
   krb5_MD4_CTX md4_context;
 
@@ -71,8 +71,10 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc,
      Since the password must be stored in unicode, we need to increase
      that number by 2x.
   */
-  slen = ((string->length)>128)?128:string->length;
-  len=(slen)*2;
+  if (string->length > (SIZE_MAX/2))
+      return (KRB5_BAD_MSIZE);
+
+  len= string->length * 2;
 
   copystr = malloc(len);
   if (copystr == NULL)