From 8bf03064e30cc9d01a3c2177e8cd13a65b248a6c Mon Sep 17 00:00:00 2001 From: Alexandra Ellwood Date: Wed, 13 Aug 2008 19:49:50 +0000 Subject: Use a valid UTF8 password for randkey password KfM RC4 string to key function expects password to be valid UTF8 ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20650 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/arcfour/arcfour_s2k.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'src/lib') diff --git a/src/lib/crypto/arcfour/arcfour_s2k.c b/src/lib/crypto/arcfour/arcfour_s2k.c index 69872fc22..75bdd2a09 100644 --- a/src/lib/crypto/arcfour/arcfour_s2k.c +++ b/src/lib/crypto/arcfour/arcfour_s2k.c @@ -55,7 +55,7 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc, const krb5_data *params, krb5_keyblock *key) { krb5_error_code err = 0; - size_t len,slen; + size_t len; unsigned char *copystr; krb5_MD4_CTX md4_context; @@ -71,8 +71,10 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc, Since the password must be stored in unicode, we need to increase that number by 2x. */ - slen = ((string->length)>128)?128:string->length; - len=(slen)*2; + if (string->length > (SIZE_MAX/2)) + return (KRB5_BAD_MSIZE); + + len= string->length * 2; copystr = malloc(len); if (copystr == NULL) -- cgit