+2001-10-26 Ezra Peisach <epeisach@mit.edu>
+
+ * k5seal.c (make_seal_token_v1): Correct errors in code pertaining
+ to case when signing message only. Fixes buffer overflows as found
+ by gssapi dejagnu testsuite.
+
2001-10-25 Sam Hartman <hartmans@mit.edu>
* k5unseal.c (kg_unseal_v1): same here.
if (encrypt || (!bigend && (toktype == KG_TOK_SEAL_MSG)))
conflen = kg_confounder_size(context, enc);
else conflen = 0;
+
if (toktype == KG_TOK_SEAL_MSG) {
switch (sealalg) {
case SEAL_ALG_MICROSOFT_RC4:
}
memcpy(plain+conflen, text->value, text->length);
- memset(plain+conflen+text->length, pad, pad);
+ if (pad) memset(plain+conflen+text->length, pad, pad);
- /* compute the checksum */
+ /* compute the checksum */
/* 8 = head of token body as specified by mech spec */
if (! (data_ptr =
- (char *) xmalloc(8 + (bigend ? text->length : tmsglen)))) {
+ (char *) xmalloc(8 +
+ ((bigend || (toktype != KG_TOK_SEAL_MSG))
+ ? text->length : tmsglen)))) {
xfree(plain);
xfree(t);
return(ENOMEM);
}
(void) memcpy(data_ptr, ptr-2, 8);
- if (bigend)
+ if (bigend || (toktype != KG_TOK_SEAL_MSG))
(void) memcpy(data_ptr+8, text->value, text->length);
else
(void) memcpy(data_ptr+8, plain, msglen);
- plaind.length = 8 + (bigend ? text->length : msglen);
+ plaind.length = 8 +
+ ((bigend || (toktype != KG_TOK_SEAL_MSG))? text->length : msglen);
plaind.data = data_ptr;
code = krb5_c_make_checksum(context, md5cksum.checksum_type, seq,
sign_usage, &plaind, &md5cksum);
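Review bot: The sign-only test `(bigend || (toktype != KG_TOK_SEAL_MSG))` is now spelled out three times (the xmalloc size, the memcpy source selection and plaind.length), so the allocation, the copy and the checksummed length can drift apart again with the next edit to any one of them — hoisting it into one local such as `int use_text = bigend || (toktype != KG_TOK_SEAL_MSG);` before the xmalloc and using `use_text ? text->length : msglen` in all three places keeps the buffer size and the bytes written to it tied to the same decision. While at it, a comment like `/* sign-only (MIC) tokens checksum the caller's text directly; plain is only confounded/padded for SEAL tokens */` would explain why `plain` is bypassed in that branch, which the code no longer makes obvious. The `if (pad)` guard presumably exists because `plain` is not padded in the sign-only case; whether `plain` is sized for `conflen + text->length` there is decided where it is allocated, above this hunk, so that should be confirmed against the allocation. make_seal_token_v1 begins and ends outside the hunk, and the switch on sealalg appears elided in this rendering.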