svn rev #24310: trunk/src/lib/kdb/
hartmans@MIT.EDU
hartmans at MIT.EDU
Wed Sep 15 12:40:32 EDT 2010
http://src.mit.edu/fisheye/changelog/krb5/?cs=24310
Commit By: hartmans
Log Message:
kdb: fix warnings
Fix warnings in encrypt_key and decrypt_key. Avoid a segfault if NULL
master key is passed into default decryption function.
Changed Files:
U trunk/src/lib/kdb/decrypt_key.c
U trunk/src/lib/kdb/encrypt_key.c
Modified: trunk/src/lib/kdb/decrypt_key.c
===================================================================
--- trunk/src/lib/kdb/decrypt_key.c 2010-09-15 15:50:15 UTC (rev 24309)
+++ trunk/src/lib/kdb/decrypt_key.c 2010-09-15 16:40:32 UTC (rev 24310)
@@ -76,17 +76,21 @@
krb5_enc_data cipher;
krb5_data plain;
+ if (!mkey)
+ return KRB5_KDB_BADSTORED_MKEY;
ptr = key_data->key_data_contents[0];
if (ptr) {
krb5_kdb_decode_int16(ptr, tmplen);
ptr += 2;
+ if (tmplen < 0)
+ return EINVAL;
cipher.enctype = ENCTYPE_UNKNOWN;
cipher.ciphertext.length = key_data->key_data_length[0]-2;
- cipher.ciphertext.data = ptr;
+ cipher.ciphertext.data = (char *) ptr;
plain.length = key_data->key_data_length[0]-2;
- if ((plain.data = (krb5_octet *) malloc(plain.length)) == NULL)
+ if ((plain.data = malloc(plain.length)) == NULL)
return(ENOMEM);
if ((retval = krb5_c_decrypt(context, mkey, 0 /* XXX */, 0,
@@ -101,7 +105,7 @@
to make sure that there are enough bytes, but I can't do
any better than that. */
- if (tmplen > plain.length) {
+ if ((unsigned int) tmplen > plain.length) {
free(plain.data);
return(KRB5_CRYPTO_INTERNAL);
}
@@ -109,7 +113,7 @@
dbkey->magic = KV5M_KEYBLOCK;
dbkey->enctype = key_data->key_data_type[0];
dbkey->length = tmplen;
- dbkey->contents = plain.data;
+ dbkey->contents = (krb5_octet *) plain.data;
}
/* Decode salt data */
Modified: trunk/src/lib/kdb/encrypt_key.c
===================================================================
--- trunk/src/lib/kdb/encrypt_key.c 2010-09-15 15:50:15 UTC (rev 24309)
+++ trunk/src/lib/kdb/encrypt_key.c 2010-09-15 16:40:32 UTC (rev 24310)
@@ -104,10 +104,10 @@
ptr += 2;
plain.length = dbkey->length;
- plain.data = dbkey->contents;
+ plain.data = (char *) dbkey->contents;
cipher.ciphertext.length = len;
- cipher.ciphertext.data = ptr;
+ cipher.ciphertext.data = (char *) ptr;
if ((retval = krb5_c_encrypt(context, mkey, /* XXX */ 0, 0,
&plain, &cipher))) {
More information about the cvs-krb5
mailing list