[29926] in CVS-changelog-for-Kerberos-V5

home help back first fref pref prev next nref lref last post

krb5 commit: Make RC4 string-to-key more robust

daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Apr 17 13:54:10 2017

Date: Mon, 17 Apr 2017 13:54:02 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201704171754.v3HHs2P3022418@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/b8814745049b5f401e3ae39a81dc1e14598ae48c
commit b8814745049b5f401e3ae39a81dc1e14598ae48c
Author: Greg Hudson <ghudson@mit.edu>
Date:   Fri Apr 14 21:41:20 2017 -0400

    Make RC4 string-to-key more robust
    
    krb5int_utf8cs_to_ucs2les() can read slightly beyond the end of the
    input buffer if the buffer ends with an invalid UTF-8 sequence.  When
    computing the RC4 string-to-key result, make a zero-terminated copy of
    the input string and use krb5int_utf8s_to_ucs2les() instead.
    
    ticket: 8576 (new)
    target_version: 1.15-next
    target_version: 1.14-next
    tags: pullup

 src/lib/crypto/krb/s2k_rc4.c |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/lib/crypto/krb/s2k_rc4.c b/src/lib/crypto/krb/s2k_rc4.c
index 49ad89d..7286637 100644
--- a/src/lib/crypto/krb/s2k_rc4.c
+++ b/src/lib/crypto/krb/s2k_rc4.c
@@ -10,6 +10,7 @@ krb5int_arcfour_string_to_key(const struct krb5_keytypes *ktp,
     krb5_error_code err = 0;
     krb5_crypto_iov iov;
     krb5_data hash_out;
+    char *utf8;
     unsigned char *copystr;
     size_t copystrlen;
 
@@ -20,8 +21,11 @@ krb5int_arcfour_string_to_key(const struct krb5_keytypes *ktp,
         return (KRB5_BAD_MSIZE);
 
     /* We ignore salt per the Microsoft spec. */
-    err = krb5int_utf8cs_to_ucs2les(string->data, string->length, &copystr,
-                                    &copystrlen);
+    utf8 = k5memdup0(string->data, string->length, &err);
+    if (utf8 == NULL)
+        return err;
+    err = krb5int_utf8s_to_ucs2les(utf8, &copystr, &copystrlen);
+    free(utf8);
     if (err)
         return err;
 
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
home help back first fref pref prev next nref lref last post