krb5 commit: Improve builtin PBKDF2 code hygiene
Greg Hudson
ghudson at mit.edu
Thu Oct 6 11:04:38 EDT 2016
https://github.com/krb5/krb5/commit/66ae03f07dfe2ea876965ece14558c8fb253cb45
commit 66ae03f07dfe2ea876965ece14558c8fb253cb45
Author: Greg Hudson <ghudson at mit.edu>
Date: Tue Oct 4 11:35:29 2016 -0400
Improve builtin PBKDF2 code hygiene
In F() in the builtin implementation of PBKDF2, use make_data() to
fully initialize sdata and out; otherwise we (harmlessly) copy an
uninitialized magic field in hmac(). Also simplify out the local
variable tlen.
src/lib/crypto/builtin/pbkdf2.c | 13 ++++---------
1 files changed, 4 insertions(+), 9 deletions(-)
diff --git a/src/lib/crypto/builtin/pbkdf2.c b/src/lib/crypto/builtin/pbkdf2.c
index 6a97270..d36b32e 100644
--- a/src/lib/crypto/builtin/pbkdf2.c
+++ b/src/lib/crypto/builtin/pbkdf2.c
@@ -97,7 +97,6 @@ F(char *output, char *u_tmp1, char *u_tmp2,
const krb5_data *salt, unsigned long count, int i)
{
unsigned char ibytes[4];
- size_t tlen;
unsigned int j, k;
krb5_data sdata;
krb5_data out;
@@ -111,19 +110,15 @@ F(char *output, char *u_tmp1, char *u_tmp2,
/* Compute U_1. */
store_32_be(i, ibytes);
- tlen = salt->length;
- memcpy(u_tmp2, salt->data, tlen);
- memcpy(u_tmp2 + tlen, ibytes, 4);
- tlen += 4;
- sdata.data = u_tmp2;
- sdata.length = tlen;
+ memcpy(u_tmp2, salt->data, salt->length);
+ memcpy(u_tmp2 + salt->length, ibytes, 4);
+ sdata = make_data(u_tmp2, salt->length + 4);
#if 0
printd("initial salt", &sdata);
#endif
- out.data = u_tmp1;
- out.length = hlen;
+ out = make_data(u_tmp1, hlen);
#if 0
printf("F: computing hmac #1 (U_1) with %s\n", pdata.contents);
More information about the cvs-krb5
mailing list