From ce69f5cc5d0e9e636f0266657037402d218f350f Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Wed, 15 Sep 2010 16:40:32 +0000 Subject: [PATCH] Fix warnings in encrypt_key and decrypt_key. Avoid a segfault if NULL master key is passed into default decryption function. kdb: fix warnings git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24310 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/kdb/decrypt_key.c | 12 ++++++++---- src/lib/kdb/encrypt_key.c | 4 ++-- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/src/lib/kdb/decrypt_key.c b/src/lib/kdb/decrypt_key.c index 37c45975c..d421093ca 100644 --- a/src/lib/kdb/decrypt_key.c +++ b/src/lib/kdb/decrypt_key.c @@ -76,17 +76,21 @@ krb5_dbe_def_decrypt_key_data( krb5_context context, krb5_enc_data cipher; krb5_data plain; + if (!mkey) + return KRB5_KDB_BADSTORED_MKEY; ptr = key_data->key_data_contents[0]; if (ptr) { krb5_kdb_decode_int16(ptr, tmplen); ptr += 2; + if (tmplen < 0) + return EINVAL; cipher.enctype = ENCTYPE_UNKNOWN; cipher.ciphertext.length = key_data->key_data_length[0]-2; - cipher.ciphertext.data = ptr; + cipher.ciphertext.data = (char *) ptr; plain.length = key_data->key_data_length[0]-2; - if ((plain.data = (krb5_octet *) malloc(plain.length)) == NULL) + if ((plain.data = malloc(plain.length)) == NULL) return(ENOMEM); if ((retval = krb5_c_decrypt(context, mkey, 0 /* XXX */, 0, @@ -101,7 +105,7 @@ krb5_dbe_def_decrypt_key_data( krb5_context context, to make sure that there are enough bytes, but I can't do any better than that. */ - if (tmplen > plain.length) { + if ((unsigned int) tmplen > plain.length) { free(plain.data); return(KRB5_CRYPTO_INTERNAL); } @@ -109,7 +113,7 @@ krb5_dbe_def_decrypt_key_data( krb5_context context, dbkey->magic = KV5M_KEYBLOCK; dbkey->enctype = key_data->key_data_type[0]; dbkey->length = tmplen; - dbkey->contents = plain.data; + dbkey->contents = (krb5_octet *) plain.data; } /* Decode salt data */ diff --git a/src/lib/kdb/encrypt_key.c b/src/lib/kdb/encrypt_key.c index 02f093244..5e6e4e46f 100644 --- a/src/lib/kdb/encrypt_key.c +++ b/src/lib/kdb/encrypt_key.c @@ -104,10 +104,10 @@ krb5_dbe_def_encrypt_key_data( krb5_context context, ptr += 2; plain.length = dbkey->length; - plain.data = dbkey->contents; + plain.data = (char *) dbkey->contents; cipher.ciphertext.length = len; - cipher.ciphertext.data = ptr; + cipher.ciphertext.data = (char *) ptr; if ((retval = krb5_c_encrypt(context, mkey, /* XXX */ 0, 0, &plain, &cipher))) { -- 2.26.2