Compare key lengths before comparing key data

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@2224 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/kdb/verify_mky.c b/src/lib/kdb/verify_mky.c
index 6f62fd18b1522f1d189d3fbc31a9dfca0b5b8ed6..3b1278b7fa14f84e26e901200a08c4a0b1dd987b 100644 (file)
--- a/src/lib/kdb/verify_mky.c
+++ b/src/lib/kdb/verify_mky.c
@@ -76,8 +76,8 @@ krb5_encrypt_block *eblock;
        krb5_db_free_principal(&master_entry, nprinc);
        return retval;
     }
-    if (memcmp((char *)mkey->contents, (char *)tempkey.contents,
-              mkey->length)) {
+    if (mkey->length != tempkey.length ||
+       memcmp((char *)mkey->contents, (char *)tempkey.contents,mkey->length)) {
        retval = KRB5_KDB_BADMASTERKEY;
        (void) krb5_finish_key(eblock);
     } else