From: John Kohl Date: Tue, 13 Feb 1990 16:49:35 +0000 (+0000) Subject: fix several major flaws, to make it work X-Git-Tag: krb5-1.0-alpha2~1028 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=247a699f0ea9c22c3c423afabb99c96d7d4131ef;p=krb5.git fix several major flaws, to make it work git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@356 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/lib/kdb/decrypt_key.c b/src/lib/kdb/decrypt_key.c index 50b963153..80f10c99f 100644 --- a/src/lib/kdb/decrypt_key.c +++ b/src/lib/kdb/decrypt_key.c @@ -36,34 +36,40 @@ krb5_keyblock *out; { krb5_error_code retval; - *out = *in; - out->length = krb5_encrypt_size(in->length, eblock->crypto_entry); + /* the encrypted version is stored as the unencrypted key length + (in host byte order), followed by the encrypted key. + */ + out->keytype = in->keytype; + out->length = krb5_encrypt_size(in->length-sizeof(in->length), + eblock->crypto_entry); out->contents = (krb5_octet *)malloc(out->length); if (!out->contents) { out->contents = 0; out->length = 0; return ENOMEM; } + /* copy out the real length count */ + bcopy((char *)in->contents, (char *)&out->length, + sizeof(out->length)); + + /* remember the contents of the encrypted version has a sizeof(in->length) + integer length of the real embedded key, followed by the + encrypted key, so the offset here is needed */ if (retval = (*eblock->crypto_entry-> - decrypt_func)((krb5_pointer) in->contents, + decrypt_func)((krb5_pointer) (((char *) in->contents) + + sizeof(in->length)), (krb5_pointer) out->contents, - in->length, eblock)) { + in->length-sizeof(in->length), eblock)) { free((char *)out->contents); out->contents = 0; out->length = 0; return retval; } - out->length -= sizeof(out->length); if (out->length < 0) { free((char *)out->contents); out->contents = 0; out->length = 0; return KRB5_KDB_INVALIDKEYSIZE; } - /* shift key down to beginning of contents, and ignore extra wasted - space */ - bcopy((char *)out->contents, - ((char *) out->contents ) + sizeof(out->length), - out->length); return retval; }