From 2bb3d540a5687e7c3d84d47c15cc387a21d5ff29 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Wed, 24 Jun 1998 07:16:57 +0000 Subject: [PATCH] * mk_priv.c (krb_mk_priv): Fix up call to pcbc_encrypt(). By taking the address of key, the 5th arg to pcbc_encrypt() was actually a (char **) cast to a (C_Block *). The reason for this is that a C_Block (actually a des_cblock) is typedef'ed from a char[8], which by being in the parameters of the definition of krb_mk_priv() becomes of type (char *). This means that using the address operator on key resulted in a pointer to a pointer to a char rather than a pointer to a des_cblock, which would have been innocuous in this case because pcbc_encrypt() actually takes a (des_cblock *) as the 5th (ivec) argument. The moral is to never pass around naked arrays as function arguments; instead, pass around pointers to arrays to avoid spontaneous conversions to pointers sneaking up. Note that CNS actually uses a (C_Block *) everywhere, and maybe we should as well. *whew* git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@10603 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb4/ChangeLog | 17 +++++++++++++++++ src/lib/krb4/mk_priv.c | 2 +- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog index e588b07c9..11953fb75 100644 --- a/src/lib/krb4/ChangeLog +++ b/src/lib/krb4/ChangeLog @@ -1,3 +1,20 @@ +Wed Jun 24 03:09:28 1998 Tom Yu + + * mk_priv.c (krb_mk_priv): Fix up call to pcbc_encrypt(). By + taking the address of key, the 5th arg to pcbc_encrypt() was + actually a (char **) cast to a (C_Block *). The reason for this + is that a C_Block (actually a des_cblock) is typedef'ed from a + char[8], which by being in the parameters of the definition of + krb_mk_priv() becomes of type (char *). This means that using the + address operator on key resulted in a pointer to a pointer to a + char rather than a pointer to a des_cblock, which would have been + innocuous in this case because pcbc_encrypt() actually takes a + (des_cblock *) as the 5th (ivec) argument. The moral is to never + pass around naked arrays as function arguments; instead, pass + around pointers to arrays to avoid spontaneous conversions to + pointers sneaking up. Note that CNS actually uses a (C_Block *) + everywhere, and maybe we should as well. *whew* + 1998-05-08 Theodore Ts'o * stime.c (krb_stime): diff --git a/src/lib/krb4/mk_priv.c b/src/lib/krb4/mk_priv.c index ceb10c8bd..47c96f59b 100644 --- a/src/lib/krb4/mk_priv.c +++ b/src/lib/krb4/mk_priv.c @@ -198,7 +198,7 @@ krb_mk_priv(in,out,length,schedule,key,sender,receiver) #ifndef NOENCRYPTION /* pcbc encrypt, pad as needed, use key as ivec */ pcbc_encrypt((C_Block *) q,(C_Block *) q, (long) (p-q), schedule, - (C_Block *)&key, ENCRYPT); + (C_Block *)key, ENCRYPT); #endif /* NOENCRYPTION */ return (q - out + c_length); /* resulting size */ -- 2.26.2