svn rev #25382: branches/krb5-1-9/src/lib/gssapi/krb5/
tlyu@MIT.EDU
tlyu at MIT.EDU
Tue Oct 18 17:07:27 EDT 2011
http://src.mit.edu/fisheye/changelog/krb5/?cs=25382
Commit By: tlyu
Log Message:
ticket: 6970
version_fixed: 1.9.2
status: resolved
pull up r25309 from trunk
------------------------------------------------------------------------
r25309 | hartmans | 2011-10-05 17:30:42 -0400 (Wed, 05 Oct 2011) | 11 lines
ticket: 6970
subject: gss_unwrap_iov crashes with stream buffers for 3des, des, rc4
tags: pullup
Use correct key to determine enctype for KG2 tokens in
kg_unseal_stream_iov
Tested with AES for a new enctype and 3DES for an old enctype.
Signed-off-by: Kevin Wasserman <kevin.wasserman at painless-security.com>
Changed Files:
U branches/krb5-1-9/src/lib/gssapi/krb5/k5unsealiov.c
Modified: branches/krb5-1-9/src/lib/gssapi/krb5/k5unsealiov.c
===================================================================
--- branches/krb5-1-9/src/lib/gssapi/krb5/k5unsealiov.c 2011-10-18 21:07:23 UTC (rev 25381)
+++ branches/krb5-1-9/src/lib/gssapi/krb5/k5unsealiov.c 2011-10-18 21:07:27 UTC (rev 25382)
@@ -504,10 +504,14 @@
case KG2_TOK_WRAP_MSG:
case KG2_TOK_DEL_CTX: {
size_t ec, rrc;
- krb5_enctype enctype = ctx->enc->keyblock.enctype;
+ krb5_enctype enctype;
unsigned int k5_headerlen = 0;
unsigned int k5_trailerlen = 0;
+ if (ctx->have_acceptor_subkey)
+ enctype = ctx->acceptor_subkey->keyblock.enctype;
+ else
+ enctype = ctx->subkey->keyblock.enctype;
conf_req_flag = ((ptr[0] & FLAG_WRAP_CONFIDENTIAL) != 0);
ec = conf_req_flag ? load_16_be(ptr + 2) : 0;
rrc = load_16_be(ptr + 4);
More information about the cvs-krb5
mailing list