gss_unwrap_iov crashes with stream buffers for 3des, des, rc4
authorSam Hartman <hartmans@mit.edu>
Wed, 5 Oct 2011 21:30:42 +0000 (21:30 +0000)
committerSam Hartman <hartmans@mit.edu>
Wed, 5 Oct 2011 21:30:42 +0000 (21:30 +0000)
Use correct key to determine enctype for KG2 tokens in
kg_unseal_stream_iov

Tested with AES for a new enctype and 3DES for an old enctype.

Signed-off-by: Kevin Wasserman <kevin.wasserman@painless-security.com>
ticket: 6970
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25309 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/gssapi/krb5/k5unsealiov.c

index ec4eae9792e07879588804d3f21821abe96df4bc..986ee0616f017944748a554790aa203e71aad521 100644 (file)
@@ -502,10 +502,14 @@ kg_unseal_stream_iov(OM_uint32 *minor_status,
     case KG2_TOK_WRAP_MSG:
     case KG2_TOK_DEL_CTX: {
         size_t ec, rrc;
-        krb5_enctype enctype = ctx->enc->keyblock.enctype;
+        krb5_enctype enctype;
         unsigned int k5_headerlen = 0;
         unsigned int k5_trailerlen = 0;
 
+        if (ctx->have_acceptor_subkey)
+            enctype = ctx->acceptor_subkey->keyblock.enctype;
+        else
+            enctype = ctx->subkey->keyblock.enctype;
         conf_req_flag = ((ptr[0] & FLAG_WRAP_CONFIDENTIAL) != 0);
         ec = conf_req_flag ? load_16_be(ptr + 2) : 0;
         rrc = load_16_be(ptr + 4);
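Review bot: The new `if`/`else` dereferences `ctx->acceptor_subkey` or `ctx->subkey` with no NULL check, so it swaps one unchecked pointer (`ctx->enc`) for another. The case labels are token types, so this branch appears to be selected by the incoming token rather than by how the context was established. Whether a subkey is guaranteed on every context that can reach here cannot be confirmed, because the switch and the rest of kg_unseal_stream_iov lie outside the hunk. I would pick the key once with `krb5_key key = ctx->have_acceptor_subkey ? ctx->acceptor_subkey : ctx->subkey;`, reject the token through the function's existing error path when `key == NULL`, and then read `key->keyblock.enctype`. A one-line comment such as `/* CFX tokens are protected with the (acceptor) subkey; ctx->enc may be unset here */` would record why `ctx->enc` must not be used in this branch.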