1 files changed, 43 insertions, 6 deletions

diff --git a/src/lib/kdb/encrypt_key.c b/src/lib/kdb/encrypt_key.c
index 59a290938..435a60ee2 100644
--- a/src/lib/kdb/encrypt_key.c
+++ b/src/lib/kdb/encrypt_key.c
@@ -17,6 +17,7 @@ static char rcsid_encrypt_key_c [] =
 
 #include <krb5/copyright.h>
 #include <krb5/krb5.h>
+#include <krb5/kdb5_err.h>
 #include <krb5/ext-proto.h>
 #include <errno.h>
 
@@ -26,17 +27,33 @@ krb5_keyblock *in;
 krb5_keyblock *out;
 krb5_encrypt_block *eblock;
 {
+    /* encrypted rep has a length encrypted along with the key,
+       so that we win if the keysize != blocksize.
+       However, this means an extra block (at least) if
+       keysize == blocksize. */
+
+    krb5_error_code retval;
+
     *out = *in;
     out->length = krb5_encrypt_size(in->length, eblock->crypto_entry);
+    out->length += sizeof(out->length);
     out->contents = (krb5_octet *)malloc(out->length);
     if (!out->contents) {
 	out->contents = 0;
 	out->length = 0;
 	return ENOMEM;
     }
-    return (*eblock->crypto_entry->encrypt_func)((krb5_pointer) in->contents,
-						 (krb5_pointer) out->contents,
-						 in->length, eblock);
+    bcopy(&out->length, out->contents, sizeof(out->length));
+    if (retval = (*eblock->crypto_entry->
+		  encrypt_func)((krb5_pointer) in->contents,
+				((krb5_pointer) out->contents) +
+				sizeof(out->length),
+				in->length, eblock)) {
+	free((char *)out->contents);
+	out->contents = 0;
+	out->length = 0;
+    }
+    return retval;
 }
 
 krb5_error_code
@@ -45,6 +62,8 @@ krb5_keyblock *in;
 krb5_keyblock *out;
 krb5_encrypt_block *eblock;
 {
+    krb5_error_code retval;
+
     *out = *in;
     out->length = krb5_encrypt_size(in->length, eblock->crypto_entry);
     out->contents = (krb5_octet *)malloc(out->length);
@@ -53,7 +72,25 @@ krb5_encrypt_block *eblock;
 	out->length = 0;
 	return ENOMEM;
     }
-    return (*eblock->crypto_entry->decrypt_func)((krb5_pointer) in->contents,
-						 (krb5_pointer) out->contents,
-						 in->length, eblock);
+    if (retval = (*eblock->crypto_entry->
+		  decrypt_func)((krb5_pointer) in->contents,
+				(krb5_pointer) out->contents,
+				in->length, eblock)) {
+	free((char *)out->contents);
+	out->contents = 0;
+	out->length = 0;
+	return retval;
+    }
+    out->length -= sizeof(out->length);
+    if (out->length < 0) {
+	free((char *)out->contents);
+	out->contents = 0;
+	out->length = 0;
+	return KRB5_KDB_INVALIDKEYSIZE;
+    }
+    /* shift key down to beginning of contents, and ignore extra wasted
+       space */
+    bcopy(out->contents, ((krb5_pointer) out->contents ) + sizeof(out->length),
+	  out->length);
+    return retval;
 }