From 01fca2f87b8fdcb825a7db5b2a7940851c9a6251 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Tue, 18 Oct 2011 21:07:27 +0000 Subject: [PATCH] pull up r25309 from trunk ------------------------------------------------------------------------ r25309 | hartmans | 2011-10-05 17:30:42 -0400 (Wed, 05 Oct 2011) | 11 lines ticket: 6970 subject: gss_unwrap_iov crashes with stream buffers for 3des, des, rc4 tags: pullup Use correct key to determine enctype for KG2 tokens in kg_unseal_stream_iov Tested with AES for a new enctype and 3DES for an old enctype. Signed-off-by: Kevin Wasserman ticket: 6970 version_fixed: 1.9.2 status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-9@25382 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/krb5/k5unsealiov.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/lib/gssapi/krb5/k5unsealiov.c b/src/lib/gssapi/krb5/k5unsealiov.c index 2be7b82ae..8d092d6d6 100644 --- a/src/lib/gssapi/krb5/k5unsealiov.c +++ b/src/lib/gssapi/krb5/k5unsealiov.c @@ -504,10 +504,14 @@ kg_unseal_stream_iov(OM_uint32 *minor_status, case KG2_TOK_WRAP_MSG: case KG2_TOK_DEL_CTX: { size_t ec, rrc; - krb5_enctype enctype = ctx->enc->keyblock.enctype; + krb5_enctype enctype; unsigned int k5_headerlen = 0; unsigned int k5_trailerlen = 0; + if (ctx->have_acceptor_subkey) + enctype = ctx->acceptor_subkey->keyblock.enctype; + else + enctype = ctx->subkey->keyblock.enctype; conf_req_flag = ((ptr[0] & FLAG_WRAP_CONFIDENTIAL) != 0); ec = conf_req_flag ? load_16_be(ptr + 2) : 0; rrc = load_16_be(ptr + 4); -- 2.26.2