svn rev #25309: trunk/src/lib/gssapi/krb5/
hartmans@MIT.EDU
hartmans at MIT.EDU
Wed Oct 5 17:30:42 EDT 2011
http://src.mit.edu/fisheye/changelog/krb5/?cs=25309
Commit By: hartmans
Log Message:
ticket: 6970
subject: gss_unwrap_iov crashes with stream buffers for 3des, des, rc4
tags: pullup
Use correct key to determine enctype for KG2 tokens in
kg_unseal_stream_iov
Tested with AES for a new enctype and 3DES for an old enctype.
Signed-off-by: Kevin Wasserman <kevin.wasserman at painless-security.com>
Changed Files:
U trunk/src/lib/gssapi/krb5/k5unsealiov.c
Modified: trunk/src/lib/gssapi/krb5/k5unsealiov.c
===================================================================
--- trunk/src/lib/gssapi/krb5/k5unsealiov.c 2011-10-05 21:30:31 UTC (rev 25308)
+++ trunk/src/lib/gssapi/krb5/k5unsealiov.c 2011-10-05 21:30:42 UTC (rev 25309)
@@ -502,10 +502,14 @@
case KG2_TOK_WRAP_MSG:
case KG2_TOK_DEL_CTX: {
size_t ec, rrc;
- krb5_enctype enctype = ctx->enc->keyblock.enctype;
+ krb5_enctype enctype;
unsigned int k5_headerlen = 0;
unsigned int k5_trailerlen = 0;
+ if (ctx->have_acceptor_subkey)
+ enctype = ctx->acceptor_subkey->keyblock.enctype;
+ else
+ enctype = ctx->subkey->keyblock.enctype;
conf_req_flag = ((ptr[0] & FLAG_WRAP_CONFIDENTIAL) != 0);
ec = conf_req_flag ? load_16_be(ptr + 2) : 0;
rrc = load_16_be(ptr + 4);
More information about the cvs-krb5
mailing list