[29790] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix error handling in PKINIT decode_data()
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Dec 15 11:31:53 2016
Date: Thu, 15 Dec 2016 11:31:49 -0500
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201612151631.uBFGVnCX008915@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/cc9035a7d25008bdcd9c7beb01670aa57b51d829
commit cc9035a7d25008bdcd9c7beb01670aa57b51d829
Author: Greg Hudson <ghudson@mit.edu>
Date: Wed Dec 14 11:25:41 2016 -0500
Fix error handling in PKINIT decode_data()
decode_data() mixes errno values with OpenSSL return codes. Change
its return type to int, and return 1 on success or 0 on failure.
ticket: 8525 (new)
target_version: 1.15-next
target_version: 1.14-next
tags: pullup
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c | 17 +++++++----------
1 files changed, 7 insertions(+), 10 deletions(-)
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
index 7dcdf04..74fffbf 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
@@ -4188,24 +4188,24 @@ pkinit_sign_data(krb5_context context,
}
-static krb5_error_code
+static int
decode_data(uint8_t **out_data, unsigned int *out_data_len,
const uint8_t *data, unsigned int data_len, EVP_PKEY *pkey,
X509 *cert)
{
- krb5_error_code retval = ENOMEM;
+ int retval;
unsigned char *buf = NULL;
int buf_len = 0;
if (cert && !X509_check_private_key(cert, pkey)) {
pkiDebug("private key does not match certificate\n");
- goto cleanup;
+ return 0;
}
buf_len = EVP_PKEY_size(pkey);
buf = malloc((size_t) buf_len + 10);
if (buf == NULL)
- goto cleanup;
+ return 0;
#if OPENSSL_VERSION_NUMBER >= 0x00909000L
retval = EVP_PKEY_decrypt_old(buf, data, (int)data_len, pkey);
@@ -4214,16 +4214,13 @@ decode_data(uint8_t **out_data, unsigned int *out_data_len,
#endif
if (retval <= 0) {
pkiDebug("unable to decrypt received data (len=%d)\n", data_len);
- goto cleanup;
+ free(buf);
+ return 0;
}
*out_data = buf;
*out_data_len = retval;
-cleanup:
- if (retval == ENOMEM)
- free(buf);
-
- return retval;
+ return 1;
}
static krb5_error_code
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
