authorEzra Peisach <epeisach@mit.edu>2001-10-26 22:14:31 +0000
committerEzra Peisach <epeisach@mit.edu>2001-10-26 22:14:31 +0000
commit8b9902db3c3dd546c6bba323221962011ecadcde (patch)
tree7efbb8e4d3dc2c8391e059e40ffd895ebae4a36b /src
parent5be277dece8cd97896c9f00779d0006513c10d3e (diff)
* k5seal.c (make_seal_token_v1): Correct errors in code
pertaining to case when signing message only. Fixes buffer overflows as found by gssapi dejagnu testsuite. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13868 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r--src/lib/gssapi/krb5/ChangeLog6
-rw-r--r--src/lib/gssapi/krb5/k5seal.c14
2 files changed, 15 insertions, 5 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
index d5aa402f7f..2bc1ca9a6d 100644
--- a/src/lib/gssapi/krb5/ChangeLog
+++ b/src/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,9 @@
+2001-10-26 Ezra Peisach <epeisach@mit.edu>
+
+ * k5seal.c (make_seal_token_v1): Correct errors in code pertaining
+ to case when signing message only. Fixes buffer overflows as found
+ by gssapi dejagnu testsuite.
+
2001-10-25 Sam Hartman <hartmans@mit.edu>
* k5unseal.c (kg_unseal_v1): same here.
diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c
index a8b10f6a5a..7ba53db27c 100644
--- a/src/lib/gssapi/krb5/k5seal.c
+++ b/src/lib/gssapi/krb5/k5seal.c
@@ -91,6 +91,7 @@ make_seal_token_v1 (krb5_context context,
if (encrypt || (!bigend && (toktype == KG_TOK_SEAL_MSG)))
conflen = kg_confounder_size(context, enc);
else conflen = 0;
+
if (toktype == KG_TOK_SEAL_MSG) {
switch (sealalg) {
case SEAL_ALG_MICROSOFT_RC4:
@@ -177,23 +178,26 @@ make_seal_token_v1 (krb5_context context,
}
memcpy(plain+conflen, text->value, text->length);
- memset(plain+conflen+text->length, pad, pad);
+ if (pad) memset(plain+conflen+text->length, pad, pad);
- /* compute the checksum */
+ /* compute the checksum */
/* 8 = head of token body as specified by mech spec */
if (! (data_ptr =
- (char *) xmalloc(8 + (bigend ? text->length : tmsglen)))) {
+ (char *) xmalloc(8 +
+ ((bigend || (toktype != KG_TOK_SEAL_MSG))
+ ? text->length : tmsglen)))) {
xfree(plain);
xfree(t);
return(ENOMEM);
}
(void) memcpy(data_ptr, ptr-2, 8);
- if (bigend)
+ if (bigend || (toktype != KG_TOK_SEAL_MSG))
(void) memcpy(data_ptr+8, text->value, text->length);
else
(void) memcpy(data_ptr+8, plain, msglen);
- plaind.length = 8 + (bigend ? text->length : msglen);
+ plaind.length = 8 +
+ ((bigend || (toktype != KG_TOK_SEAL_MSG))? text->length : msglen);
plaind.data = data_ptr;
code = krb5_c_make_checksum(context, md5cksum.checksum_type, seq,
sign_usage, &plaind, &md5cksum);
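Review bot: The checksum buffer is sized with `tmsglen` in the `xmalloc` call, but the non-bigend seal path copies `msglen` bytes into it and sets `plaind.length` from `msglen`. The allocation and the copy therefore still depend on two variables whose relationship is set outside this hunk. The same `(bigend || (toktype != KG_TOK_SEAL_MSG))` condition is also repeated at three sites, which is how the size and the copy drifted apart before this fix. Computing the length once, e.g. `size_t cksum_len = (bigend || toktype != KG_TOK_SEAL_MSG) ? text->length : msglen;`, and using it for the allocation, the `memcpy` and `plaind.length` would keep them in step. `8 + text->length` is also not checked for wrap-around before the allocation; a bound on `text->length`, if the caller does not already enforce one, would close that off. The body of make_seal_token_v1 starts and ends outside the hunk, so the assignments to `msglen`, `tmsglen` and `pad` could not be checked here.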