4 files changed, 16 insertions, 2 deletions

diff --git a/src/lib/crypto/md5/ChangeLog b/src/lib/crypto/md5/ChangeLog
index d29d4eee1..ffe7df271 100644
--- a/src/lib/crypto/md5/ChangeLog
+++ b/src/lib/crypto/md5/ChangeLog
@@ -1,3 +1,10 @@
+Tue May 14 19:32:51 1996  Richard Basch  <basch@lehman.com>
+
+	* md5crypto.c md5glue.c:
+		ensure the cksum content length is sufficient.
+
+	* t_cksum.c: initialize cksum.length
+
 Fri May 10 01:19:18 1996  Richard Basch  <basch@lehman.com>
 
 	* md5crypto.c: des3-md5 is being replaced with des3-sha
diff --git a/src/lib/crypto/md5/md5crypto.c b/src/lib/crypto/md5/md5crypto.c
index 5d91b944e..b22a38748 100644
--- a/src/lib/crypto/md5/md5crypto.c
+++ b/src/lib/crypto/md5/md5crypto.c
@@ -106,9 +106,11 @@ krb5_checksum FAR *outcksum;
     krb5_keyblock keyblock;
     krb5_error_code retval;
     size_t i;
-
     krb5_MD5_CTX working;
 
+    if (outcksum->length < RSA_MD5_DES_CKSUM_LENGTH + RSA_MD5_DES_CONFOUND_LENGTH)
+	return KRB5_BAD_MSIZE;
+
     /* Generate the confounder in place */
     if (retval = krb5_random_confounder(RSA_MD5_DES_CONFOUND_LENGTH,
 					outtmp))
diff --git a/src/lib/crypto/md5/md5glue.c b/src/lib/crypto/md5/md5glue.c
index 84ea3e9e7..77aca3686 100644
--- a/src/lib/crypto/md5/md5glue.c
+++ b/src/lib/crypto/md5/md5glue.c
@@ -22,6 +22,9 @@ krb5_checksum FAR *outcksum;
     krb5_octet *input = (krb5_octet *)in;
     krb5_MD5_CTX working;
 
+    if (outcksum->length < RSA_MD5_CKSUM_LENGTH)
+	return KRB5_BAD_MSIZE;
+    
     krb5_MD5Init(&working);
     krb5_MD5Update(&working, input, in_length);
     krb5_MD5Final(&working);
diff --git a/src/lib/crypto/md5/t_cksum.c b/src/lib/crypto/md5/t_cksum.c
index d9d4f2aec..d28e36c16 100644
--- a/src/lib/crypto/md5/t_cksum.c
+++ b/src/lib/crypto/md5/t_cksum.c
@@ -116,12 +116,14 @@ main(argc, argv)
     return(kret);
   }
 
+  oldstyle_checksum.length = CHECKSUM_LENGTH;
   if (!(oldstyle_checksum.contents = (krb5_octet *) malloc(CHECKSUM_LENGTH))) {
     printf("cannot get memory for old style checksum\n");
     return(ENOMEM);
   }
+  newstyle_checksum.length = krb5_checksum_size(kcontext, CHECKSUM_TYPE);
   if (!(newstyle_checksum.contents = (krb5_octet *)
-	malloc(krb5_checksum_size(kcontext, CHECKSUM_TYPE)))) {
+	malloc(newstyle_checksum.length))) {
     printf("cannot get memory for new style checksum\n");
     return(ENOMEM);
   }