diff options
| author | Ken Raeburn <raeburn@mit.edu> | 2003-04-13 11:18:42 +0000 |
|---|---|---|
| committer | Ken Raeburn <raeburn@mit.edu> | 2003-04-13 11:18:42 +0000 |
| commit | e01da4059775fdc4778b32a820a94904a6483f7c (patch) | |
| tree | 2641ae89549cabb0b0372389ca04225831314836 /src | |
| parent | eba6cd413c1d8061cf4f7152b9701c1376a1df87 (diff) | |
| download | krb5-e01da4059775fdc4778b32a820a94904a6483f7c.tar.gz krb5-e01da4059775fdc4778b32a820a94904a6483f7c.tar.xz krb5-e01da4059775fdc4778b32a820a94904a6483f7c.zip | |
Avoid really, really huge cpu time usage caused by iteration count in
spoofed preauth data. (Merely huge cpu time usage is probably still
possible.)
* aes_s2k.c (krb5int_aes_string_to_key): Return an error if the supplied
iteration count is really, really large.
ticket: 1418
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15349 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/crypto/aes/ChangeLog | 5 | ||||
| -rw-r--r-- | src/lib/crypto/aes/aes_s2k.c | 6 |
2 files changed, 11 insertions, 0 deletions
diff --git a/src/lib/crypto/aes/ChangeLog b/src/lib/crypto/aes/ChangeLog index 443aabdd98..3af4903049 100644 --- a/src/lib/crypto/aes/ChangeLog +++ b/src/lib/crypto/aes/ChangeLog @@ -1,3 +1,8 @@ +2003-04-13 Ken Raeburn <raeburn@mit.edu> + + * aes_s2k.c (krb5int_aes_string_to_key): Return an error if the + supplied iteration count is really, really large. + 2003-03-04 Ken Raeburn <raeburn@mit.edu> * aes_s2k.c, aes_s2k.h: New files. diff --git a/src/lib/crypto/aes/aes_s2k.c b/src/lib/crypto/aes/aes_s2k.c index f3670d7d84..6ea2869000 100644 --- a/src/lib/crypto/aes/aes_s2k.c +++ b/src/lib/crypto/aes/aes_s2k.c @@ -29,6 +29,12 @@ krb5int_aes_string_to_key(const struct krb5_enc_provider *enc, } else iter_count = 0xb000L; + /* This is not a protocol specification constraint; this is an + implementation limit, which should eventually be controlled by + a config file. */ + if (iter_count >= 0x1000000L) + return KRB5_ERR_BAD_S2K_PARAMS; + /* * Dense key space, no parity bits or anything, so take a shortcut * and use the key contents buffer for the generated bytes. |