Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/gssapi/krb5/ChangeLog | 6 | ||||
| -rw-r--r-- | src/lib/gssapi/krb5/k5seal.c | 14 |
2 files changed, 15 insertions, 5 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index d5aa402f7..2bc1ca9a6 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,9 @@ +2001-10-26 Ezra Peisach <epeisach@mit.edu> + + * k5seal.c (make_seal_token_v1): Correct errors in code pertaining + to case when signing message only. Fixes buffer overflows as found + by gssapi dejagnu testsuite. + 2001-10-25 Sam Hartman <hartmans@mit.edu> * k5unseal.c (kg_unseal_v1): same here. diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c index a8b10f6a5..7ba53db27 100644 --- a/src/lib/gssapi/krb5/k5seal.c +++ b/src/lib/gssapi/krb5/k5seal.c @@ -91,6 +91,7 @@ make_seal_token_v1 (krb5_context context, if (encrypt || (!bigend && (toktype == KG_TOK_SEAL_MSG))) conflen = kg_confounder_size(context, enc); else conflen = 0; + if (toktype == KG_TOK_SEAL_MSG) { switch (sealalg) { case SEAL_ALG_MICROSOFT_RC4: @@ -177,23 +178,26 @@ make_seal_token_v1 (krb5_context context, } memcpy(plain+conflen, text->value, text->length); - memset(plain+conflen+text->length, pad, pad); + if (pad) memset(plain+conflen+text->length, pad, pad); - /* compute the checksum */ + /* compute the checksum */ /* 8 = head of token body as specified by mech spec */ if (! (data_ptr = - (char *) xmalloc(8 + (bigend ? text->length : tmsglen)))) { + (char *) xmalloc(8 + + ((bigend || (toktype != KG_TOK_SEAL_MSG)) + ? text->length : tmsglen)))) { xfree(plain); xfree(t); return(ENOMEM); } (void) memcpy(data_ptr, ptr-2, 8); - if (bigend) + if (bigend || (toktype != KG_TOK_SEAL_MSG)) (void) memcpy(data_ptr+8, text->value, text->length); else (void) memcpy(data_ptr+8, plain, msglen); - plaind.length = 8 + (bigend ? text->length : msglen); + plaind.length = 8 + + ((bigend || (toktype != KG_TOK_SEAL_MSG))? text->length : msglen); plaind.data = data_ptr; code = krb5_c_make_checksum(context, md5cksum.checksum_type, seq, sign_usage, &plaind, &md5cksum); |
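Review bot: In the second k5seal.c hunk the checksum buffer is sized with `8 + tmsglen` on the sealing path, while the copy into it and `plaind.length` use `msglen`, and the selector `bigend || (toktype != KG_TOK_SEAL_MSG)` is now repeated three times. That leaves the allocation size and the copy length free to diverge again, which is the kind of overflow this commit is fixing; whether `tmsglen` and `msglen` are always equal on that path is decided outside the hunk and should be confirmed. Computing the length once, e.g. `cksum_len = (bigend || (toktype != KG_TOK_SEAL_MSG)) ? text->length : msglen;`, and then using `8 + cksum_len` for `xmalloc`, `cksum_len` for the `memcpy` into `data_ptr+8`, and `8 + cksum_len` for `plaind.length` would tie the three together. The sum `8 + text->length` is also not checked for wrap-around, and `text->length` comes from the caller's buffer. make_seal_token_v1 begins and ends outside the hunk, so the new local's declaration would sit with the existing ones.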
