From 8bf03064e30cc9d01a3c2177e8cd13a65b248a6c Mon Sep 17 00:00:00 2001 From: Alexandra Ellwood Date: Wed, 13 Aug 2008 19:49:50 +0000 Subject: [PATCH] Use a valid UTF8 password for randkey password KfM RC4 string to key function expects password to be valid UTF8 ticket: new git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20650 dc483132-0cff-0310-8789-dd5450dbe970 --- src/kadmin/cli/kadmin.c | 14 +++++++++----- src/lib/crypto/arcfour/arcfour_s2k.c | 8 +++++--- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c index 02394e7f0..897787255 100644 --- a/src/kadmin/cli/kadmin.c +++ b/src/kadmin/cli/kadmin.c @@ -1170,16 +1170,20 @@ void kadmin_addprinc(argc, argv) krb5_key_salt_tuple *ks_tuple; char *pass, *canon; krb5_error_code retval; - static char newpw[1024], dummybuf[256]; + char newpw[1024], dummybuf[256]; static char prompt1[1024], prompt2[1024]; #if APPLE_PKINIT char *cert_hash = NULL; #endif /* APPLE_PKINIT */ - if (dummybuf[0] == 0) { - for (i = 0; i < 256; i++) - dummybuf[i] = (i+1) % 256; - } + /* + dummybuf is used to give random key a password, + random key entires are created with DISALLOW_ALL_TIX + so lets give them a known password utf8 valid pasword + */ + for (i = 0; i < sizeof(dummybuf) - 1; i++) + dummybuf[i] = 'a' + (random() % 25); + dummybuf[sizeof(dummybuf) - 1] = '\0'; /* Zero all fields in request structure */ memset(&princ, 0, sizeof(princ)); diff --git a/src/lib/crypto/arcfour/arcfour_s2k.c b/src/lib/crypto/arcfour/arcfour_s2k.c index 69872fc22..75bdd2a09 100644 --- a/src/lib/crypto/arcfour/arcfour_s2k.c +++ b/src/lib/crypto/arcfour/arcfour_s2k.c @@ -55,7 +55,7 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc, const krb5_data *params, krb5_keyblock *key) { krb5_error_code err = 0; - size_t len,slen; + size_t len; unsigned char *copystr; krb5_MD4_CTX md4_context; @@ -71,8 +71,10 @@ krb5int_arcfour_string_to_key(const struct krb5_enc_provider *enc, Since the password must be stored in unicode, we need to increase that number by 2x. */ - slen = ((string->length)>128)?128:string->length; - len=(slen)*2; + if (string->length > (SIZE_MAX/2)) + return (KRB5_BAD_MSIZE); + + len= string->length * 2; copystr = malloc(len); if (copystr == NULL) -- 2.26.2