From 78501c922b2da4ad025282f3713e12e04de19fb2 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Sun, 29 Nov 2009 15:43:29 +0000 Subject: [PATCH] Avoid using strncpy in the production of the arcfour salt because it produces a (spurious) Coverity defect. Fix a memory leak in krb5int_arcfour_encrypt. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23380 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/crypto/krb/arcfour/arcfour.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/lib/crypto/krb/arcfour/arcfour.c b/src/lib/crypto/krb/arcfour/arcfour.c index b9cb5fc67..ba48d7275 100644 --- a/src/lib/crypto/krb/arcfour/arcfour.c +++ b/src/lib/crypto/krb/arcfour/arcfour.c @@ -11,7 +11,7 @@ #include "arcfour-int.h" #include "hash_provider/hash_provider.h" -const char *const l40 = "fortybits"; +const char l40[] = "fortybits"; void krb5int_arcfour_encrypt_length(const struct krb5_enc_provider *enc, @@ -59,7 +59,7 @@ krb5int_arcfour_usage_key(const struct krb5_enc_provider *enc, /* Generate the salt. */ ms_usage = krb5int_arcfour_translate_usage(usage); if (session_keyblock->enctype == ENCTYPE_ARCFOUR_HMAC_EXP) { - strncpy(salt_buf, l40, sizeof(salt_buf)); + memcpy(salt_buf, l40, 10); store_32_le(ms_usage, salt_buf + 10); } else { salt.length=4; @@ -160,8 +160,7 @@ krb5int_arcfour_encrypt(const struct krb5_enc_provider *enc, if (ret) goto cleanup; - output->length = plaintext.length + hash->hashsize; - return 0; + output->length = plainlen + hash->hashsize; cleanup: krb5int_c_free_keyblock(NULL, usage_keyblock); -- 2.26.2