svn rev #23380: trunk/src/lib/crypto/krb/arcfour/
ghudson@MIT.EDU
ghudson at MIT.EDU
Sun Nov 29 10:43:29 EST 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=23380
Commit By: ghudson
Log Message:
Avoid using strncpy in the production of the arcfour salt because it
produces a (spurious) Coverity defect. Fix a memory leak in
krb5int_arcfour_encrypt.
Changed Files:
U trunk/src/lib/crypto/krb/arcfour/arcfour.c
Modified: trunk/src/lib/crypto/krb/arcfour/arcfour.c
===================================================================
--- trunk/src/lib/crypto/krb/arcfour/arcfour.c 2009-11-29 15:32:28 UTC (rev 23379)
+++ trunk/src/lib/crypto/krb/arcfour/arcfour.c 2009-11-29 15:43:29 UTC (rev 23380)
@@ -11,7 +11,7 @@
#include "arcfour-int.h"
#include "hash_provider/hash_provider.h"
-const char *const l40 = "fortybits";
+const char l40[] = "fortybits";
void
krb5int_arcfour_encrypt_length(const struct krb5_enc_provider *enc,
@@ -59,7 +59,7 @@
/* Generate the salt. */
ms_usage = krb5int_arcfour_translate_usage(usage);
if (session_keyblock->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) {
- strncpy(salt_buf, l40, sizeof(salt_buf));
+ memcpy(salt_buf, l40, 10);
store_32_le(ms_usage, salt_buf + 10);
} else {
salt.length=4;
@@ -160,8 +160,7 @@
if (ret)
goto cleanup;
- output->length = plaintext.length + hash->hashsize;
- return 0;
+ output->length = plainlen + hash->hashsize;
cleanup:
krb5int_c_free_keyblock(NULL, usage_keyblock);
More information about the cvs-krb5
mailing list