Merge in fix from ms-krb-integ branch to avoid modifying input data on aead_decrypt...
authorSam Hartman <hartmans@mit.edu>
Fri, 5 Dec 2008 14:09:40 +0000 (14:09 +0000)
committerSam Hartman <hartmans@mit.edu>
Fri, 5 Dec 2008 14:09:40 +0000 (14:09 +0000)
ticket: 6274
Status: resolved

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21287 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/crypto/aead.c

index 4debc984e66897b89420164b54d056a05006d153..53dc65076dbd475810d444d65eb0728d5b004fde 100644 (file)
@@ -524,7 +524,12 @@ krb5int_c_decrypt_aead_compat(const struct krb5_aead_provider *aead,
     krb5_error_code ret;
 
     iov[0].flags = KRB5_CRYPTO_TYPE_STREAM;
-    iov[0].data = *input;
+    iov[0].data.data = malloc(input->length);
+    if (iov[0].data.data == NULL)
+       return ENOMEM;
+
+    memcpy(iov[0].data.data, input->data, input->length);
+    iov[0].data.length = input->length;
 
     iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
     iov[1].data.data = NULL;
@@ -534,14 +539,20 @@ krb5int_c_decrypt_aead_compat(const struct krb5_aead_provider *aead,
                                       usage, ivec,
                                       iov, sizeof(iov)/sizeof(iov[0]));
     if (ret != 0)
-       return ret;
+       goto cleanup;
 
-    if (output->length < iov[1].data.length)
-       return KRB5_BAD_MSIZE;
+    if (output->length < iov[1].data.length) {
+       ret = KRB5_BAD_MSIZE;
+       goto cleanup;
+    }
 
     memcpy(output->data, iov[1].data.data, iov[1].data.length);
     output->length = iov[1].data.length;
 
+cleanup:
+    zap(iov[0].data.data,  iov[0].data.length);
+    free(iov[0].data.data);
+
     return ret;
 }