add padding area, and zero it (for encryption functions)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@885 dc483132-0cff-0310-8789-dd5450dbe970

4 files changed, 37 insertions, 3 deletions

diff --git a/src/lib/krb5/krb/encode_kdc.c b/src/lib/krb5/krb/encode_kdc.c
index 89cd913b2a..3d4df54038 100644
--- a/src/lib/krb5/krb/encode_kdc.c
+++ b/src/lib/krb5/krb/encode_kdc.c
@@ -74,7 +74,15 @@ OLDDECLARG(krb5_data **, enc_rep)
 
     eblock.crypto_entry = krb5_csarray[dec_rep->etype]->system;
     dec_rep->enc_part.length = krb5_encrypt_size(scratch->length,
-					      eblock.crypto_entry);
+						 eblock.crypto_entry);
+    /* add padding area, and zero it */
+    if (!(scratch->data = realloc(scratch->data, dec_rep->enc_part.length))) {
+	/* may destroy scratch->data */
+	xfree(scratch);
+	return ENOMEM;
+    }
+    bzero(scratch->data + scratch->length,
+	  dec_rep->enc_part.length - scratch->length);
     if (!(dec_rep->enc_part.data = malloc(dec_rep->enc_part.length))) {
 	retval = ENOMEM;
 	goto clean_scratch;
diff --git a/src/lib/krb5/krb/encrypt_tk.c b/src/lib/krb5/krb/encrypt_tk.c
index 813afe810b..f1aafbcde0 100644
--- a/src/lib/krb5/krb/encrypt_tk.c
+++ b/src/lib/krb5/krb/encrypt_tk.c
@@ -61,7 +61,15 @@ register krb5_ticket *dec_ticket;
 
     eblock.crypto_entry = krb5_csarray[dec_ticket->etype]->system;
     dec_ticket->enc_part.length = krb5_encrypt_size(scratch->length,
-						     eblock.crypto_entry);
+						    eblock.crypto_entry);
+    /* add padding area, and zero it */
+    if (!(scratch->data = realloc(scratch->data, dec_ticket->enc_part.length))) {
+	/* may destroy scratch->data */
+	xfree(scratch);
+	return ENOMEM;
+    }
+    bzero(scratch->data + scratch->length,
+	  dec_ticket->enc_part.length - scratch->length);
     if (!(dec_ticket->enc_part.data = malloc(dec_ticket->enc_part.length))) {
 	retval = ENOMEM;
 	goto clean_scratch;
diff --git a/src/lib/krb5/krb/mk_priv.c b/src/lib/krb5/krb/mk_priv.c
index c6359d4bf5..c46648b77a 100644
--- a/src/lib/krb5/krb/mk_priv.c
+++ b/src/lib/krb5/krb/mk_priv.c
@@ -90,7 +90,15 @@ OLDDECLARG(krb5_data *, outbuf)
 
     eblock.crypto_entry = krb5_csarray[etype]->system;
     privmsg.enc_part.length = krb5_encrypt_size(scratch->length,
-                                                     eblock.crypto_entry);
+						eblock.crypto_entry);
+    /* add padding area, and zero it */
+    if (!(scratch->data = realloc(scratch->data, privmsg.enc_part.length))) {
+	/* may destroy scratch->data */
+	xfree(scratch);
+	return ENOMEM;
+    }
+    bzero(scratch->data + scratch->length,
+	  privmsg.enc_part.length - scratch->length);
     if (!(privmsg.enc_part.data = malloc(privmsg.enc_part.length))) {
         retval = ENOMEM;
         goto clean_scratch;
diff --git a/src/lib/krb5/krb/mk_req_ext.c b/src/lib/krb5/krb/mk_req_ext.c
index d65f529146..f0a124af68 100644
--- a/src/lib/krb5/krb/mk_req_ext.c
+++ b/src/lib/krb5/krb/mk_req_ext.c
@@ -123,6 +123,15 @@ krb5_data *outbuf;
     eblock.crypto_entry = krb5_csarray[etype]->system;
     request.authenticator.length = krb5_encrypt_size(scratch->length,
 						     eblock.crypto_entry);
+    /* add padding area, and zero it */
+    if (!(scratch->data = realloc(scratch->data, request.authenticator.length))) {
+	/* may destroy scratch->data */
+	xfree(scratch);
+	retval = ENOMEM;
+	goto clean_ticket;
+    }
+    bzero(scratch->data + scratch->length,
+	  request.authenticator.length - scratch->length);
     if (!(request.authenticator.data = malloc(request.authenticator.length))) {
 	retval = ENOMEM;
 	goto clean_scratch;
@@ -168,6 +177,7 @@ krb5_data *outbuf;
     cleanup_encpart();
  clean_scratch:
     cleanup_scratch();
+ clean_ticket:
     cleanup_ticket();
 
     return retval;