author Tom Yu <tlyu@mit.edu> 1998-06-24 07:16:57 +0000
committer Tom Yu <tlyu@mit.edu> 1998-06-24 07:16:57 +0000
commit 2bb3d540a5687e7c3d84d47c15cc387a21d5ff29 (patch)
tree 09ea4f8159d4ecb1c4879288197289973cb58983
parent 2b7ad4767bee4b3867c37bcd15161503a5c78db6 (diff)
* mk_priv.c (krb_mk_priv): Fix up call to pcbc_encrypt(). By taking the address of key, the 5th arg to pcbc_encrypt() was actually a (char **) cast to a (C_Block *). The reason for this is that a C_Block (actually a des_cblock) is typedef'ed from a char[8], which by being in the parameters of the definition of krb_mk_priv() becomes of type (char *). This means that using the address operator on key resulted in a pointer to a pointer to a char rather than a pointer to a des_cblock, which would have been innocuous in this case because pcbc_encrypt() actually takes a (des_cblock *) as the 5th (ivec) argument. The moral is to never pass around naked arrays as function arguments; instead, pass around pointers to arrays to avoid spontaneous conversions to pointers sneaking up. Note that CNS actually uses a (C_Block *) everywhere, and maybe we should as well. *whew*

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10603 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- src/lib/krb4/ChangeLog 17
-rw-r--r-- src/lib/krb4/mk_priv.c 2
2 files changed, 18 insertions, 1 deletions
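
The parameter adjustment described in the commit message, as an added example that is not code from the krb5 tree: it contrasts the pre-fix `&key` form, the post-fix `key` form, and the pointer-to-array form the message recommends. `ivec_is_key`, `before_fix`, `after_fix`, `pointer_to_array` and `sample_key` are hypothetical names, and the `unsigned char[8]` typedef is a stand-in for the real `C_Block`.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in with the same shape as the typedef in the commit message. */
typedef unsigned char C_Block[8];

/* Constructed sample key. No 8-byte object can sit at the all-ones
 * address, so a pointer's bytes can never equal these by accident. */
static C_Block sample_key = {0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff};

/* Hypothetical stand-in for the ivec argument of pcbc_encrypt():
 * returns 1 if the first n bytes at 'ivec' are the expected key bytes. */
static int ivec_is_key(const void *ivec, const unsigned char *expect, size_t n)
{
    return memcmp(ivec, expect, n) == 0;
}

/* Pre-fix shape. 'key' is declared as an array but is adjusted to
 * 'unsigned char *', so &key is the address of this local pointer. */
static int before_fix(C_Block key, const unsigned char *expect)
{
    /* Read no more than the pointer object itself holds. */
    size_t n = sizeof(unsigned char *) < 8 ? sizeof(unsigned char *) : 8;
    return ivec_is_key((C_Block *)&key, expect, n);
}

/* Post-fix shape: the decayed pointer already addresses the key bytes. */
static int after_fix(C_Block key, const unsigned char *expect)
{
    return ivec_is_key((C_Block *)key, expect, 8);
}

/* Pointer-to-array parameter: the type keeps its size, no cast is needed,
 * and passing a char ** here would draw a compile-time diagnostic. */
static int pointer_to_array(C_Block *key, const unsigned char *expect)
{
    return ivec_is_key(key, expect, sizeof *key);
}

int main(void)
{
    printf("before fix, ivec is key: %d\n", before_fix(sample_key, sample_key));
    printf("after fix,  ivec is key: %d\n", after_fix(sample_key, sample_key));
    printf("C_Block *,  ivec is key: %d\n", pointer_to_array(&sample_key, sample_key));
    return 0;
}
```

In the pre-fix form the bytes handed over as the ivec are the storage of the local pointer, so they vary with the address of the caller's key buffer rather than with the key itself.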
diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog
index e588b07c9..11953fb75 100644
--- a/src/lib/krb4/ChangeLog
+++ b/src/lib/krb4/ChangeLog
@@ -1,3 +1,20 @@
+Wed Jun 24 03:09:28 1998 Tom Yu <tlyu@mit.edu>
+
+ * mk_priv.c (krb_mk_priv): Fix up call to pcbc_encrypt(). By
+ taking the address of key, the 5th arg to pcbc_encrypt() was
+ actually a (char **) cast to a (C_Block *). The reason for this
+ is that a C_Block (actually a des_cblock) is typedef'ed from a
+ char[8], which by being in the parameters of the definition of
+ krb_mk_priv() becomes of type (char *). This means that using the
+ address operator on key resulted in a pointer to a pointer to a
+ char rather than a pointer to a des_cblock, which would have been
+ innocuous in this case because pcbc_encrypt() actually takes a
+ (des_cblock *) as the 5th (ivec) argument. The moral is to never
+ pass around naked arrays as function arguments; instead, pass
+ around pointers to arrays to avoid spontaneous conversions to
+ pointers sneaking up. Note that CNS actually uses a (C_Block *)
+ everywhere, and maybe we should as well. *whew*
+
1998-05-08 Theodore Ts'o <tytso@rsts-11.mit.edu>
* stime.c (krb_stime):
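Review bot: The new ChangeLog entry explains the type confusion in detail but never states the observable effect of the old call, namely which bytes pcbc_encrypt() actually received as the ivec before this change and whether output produced by the old krb_mk_priv() differs from what the fixed code produces. A sentence on that, plus a note on whether the matching decrypt-side call was checked for the same `&key` pattern, would let someone reading the log judge interoperability impact. The closing remark that "maybe we should" use (C_Block *) everywhere reads as an open follow-up and would be easier to track as a separate TODO than inside the entry.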
diff --git a/src/lib/krb4/mk_priv.c b/src/lib/krb4/mk_priv.c
index ceb10c8bd..47c96f59b 100644
--- a/src/lib/krb4/mk_priv.c
+++ b/src/lib/krb4/mk_priv.c
@@ -198,7 +198,7 @@ krb_mk_priv(in,out,length,schedule,key,sender,receiver)
#ifndef NOENCRYPTION
/* pcbc encrypt, pad as needed, use key as ivec */
pcbc_encrypt((C_Block *) q,(C_Block *) q, (long) (p-q), schedule,
- (C_Block *)&key, ENCRYPT);
+ (C_Block *)key, ENCRYPT);
#endif /* NOENCRYPTION */
return (q - out + c_length); /* resulting size */
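Review bot: The replacement line still passes the ivec through an explicit cast, `(C_Block *)key`, and that same cast is what let `&key` compile silently in the first place, so the compiler will not catch a recurrence here or in similar calls. Consider declaring the parameter of krb_mk_priv() as a `C_Block *`, as the ChangeLog entry itself suggests, so the argument can be passed without a cast and a wrong level of indirection becomes a diagnostic. The comment "use key as ivec" could also say that the key bytes, not the address of the parameter, are what is intended, since that distinction is the whole content of this fix.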