From 19820508f9b1888867f6d6b261ed9dc569711e9f Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Fri, 5 Dec 2008 14:09:40 +0000 Subject: [PATCH] Merge in fix from ms-krb-integ branch to avoid modifying input data on aead_decrypt_compat ticket: 6274 Status: resolved git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21287 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/aead.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/src/lib/crypto/aead.c b/src/lib/crypto/aead.c index 4debc984e..53dc65076 100644 --- a/src/lib/crypto/aead.c +++ b/src/lib/crypto/aead.c @@ -524,7 +524,12 @@ krb5int_c_decrypt_aead_compat(const struct krb5_aead_provider *aead, krb5_error_code ret; iov[0].flags = KRB5_CRYPTO_TYPE_STREAM; - iov[0].data = *input; + iov[0].data.data = malloc(input->length); + if (iov[0].data.data == NULL) + return ENOMEM; + + memcpy(iov[0].data.data, input->data, input->length); + iov[0].data.length = input->length; iov[1].flags = KRB5_CRYPTO_TYPE_DATA; iov[1].data.data = NULL; @@ -534,14 +539,20 @@ krb5int_c_decrypt_aead_compat(const struct krb5_aead_provider *aead, usage, ivec, iov, sizeof(iov)/sizeof(iov[0])); if (ret != 0) - return ret; + goto cleanup; - if (output->length < iov[1].data.length) - return KRB5_BAD_MSIZE; + if (output->length < iov[1].data.length) { + ret = KRB5_BAD_MSIZE; + goto cleanup; + } memcpy(output->data, iov[1].data.data, iov[1].data.length); output->length = iov[1].data.length; +cleanup: + zap(iov[0].data.data, iov[0].data.length); + free(iov[0].data.data); + return ret; } -- 2.26.2