krb5 commit: Check lengths in xdr_krb5_key_data()
ghudson at mit.edu
Tue Apr 22 15:10:32 EDT 2025
https://github.com/krb5/krb5/commit/e195747d2f8a8e1cd1694d768dba9265439228d0
commit e195747d2f8a8e1cd1694d768dba9265439228d0
Author: Greg Hudson <ghudson at mit.edu>
Date: Wed Apr 9 20:19:02 2025 -0400
Check lengths in xdr_krb5_key_data()
Ensure that xdr_krb5_key_data() does not produce an inconsistent
representation if the serialized key_data_contents fields do not match
the corresponding byte array lengths. (This function is only used by
libkadm5srv to serialize historical key data in per-principal kadmin
data.)
ticket: 9172 (new)
src/lib/kadm5/srv/adb_xdr.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/lib/kadm5/srv/adb_xdr.c b/src/lib/kadm5/srv/adb_xdr.c
index b6ffdb8c7..b14cb96ee 100644
--- a/src/lib/kadm5/srv/adb_xdr.c
+++ b/src/lib/kadm5/srv/adb_xdr.c
@@ -36,11 +36,15 @@ xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp)
if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[0],
&tmp, ~0))
return FALSE;
+ if (tmp != objp->key_data_length[0])
+ return FALSE;
tmp = (unsigned int) objp->key_data_length[1];
if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[1],
&tmp, ~0))
return FALSE;
+ if (tmp != objp->key_data_length[1])
+ return FALSE;
/* don't need to copy tmp out, since key_data_length will be set
by the above encoding. */
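Review bot: both new `tmp != objp->key_data_length[n]` checks run only after `xdr_bytes()` has been called with a maximum size of `~0`, so when decoding, a serialized length larger than `key_data_length[n]` is still allocated and read in full before the mismatch is rejected. Passing the expected length as the bound, for example `xdr_bytes(xdrs, (char **) &objp->key_data_contents[0], &tmp, objp->key_data_length[0])`, would reject an oversized field up front and leave the equality check to catch the short case. On the new `return FALSE` paths the buffer that `xdr_bytes()` stored in `key_data_contents[n]` stays in `objp`, so it is worth confirming that callers free the partially decoded structure on failure. The trailing comment about not copying `tmp` out could also say that the equality is now enforced rather than assumed.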