[31420] in CVS-changelog-for-Kerberos-V5
krb5 commit: Check lengths in xdr_krb5_key_data()
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Tue Apr 22 15:10:40 2025
From: ghudson@mit.edu
To: cvs-krb5@mit.edu
Message-Id: <20250422191032.EA51B101CCE@krbdev.mit.edu>
Date: Tue, 22 Apr 2025 15:10:32 -0400 (EDT)
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/e195747d2f8a8e1cd1694d768dba9265439228d0
commit e195747d2f8a8e1cd1694d768dba9265439228d0
Author: Greg Hudson <ghudson@mit.edu>
Date: Wed Apr 9 20:19:02 2025 -0400
Check lengths in xdr_krb5_key_data()
Ensure that xdr_krb5_key_data() does not produce an inconsistent
representation if the serialized key_data_contents fields do not match
the corresponding byte array lengths. (This function is only used by
libkadm5srv to serialize historical key data in per-principal kadmin
data.)
ticket: 9172 (new)
src/lib/kadm5/srv/adb_xdr.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/lib/kadm5/srv/adb_xdr.c b/src/lib/kadm5/srv/adb_xdr.c
index b6ffdb8c7..b14cb96ee 100644
--- a/src/lib/kadm5/srv/adb_xdr.c
+++ b/src/lib/kadm5/srv/adb_xdr.c
@@ -36,11 +36,15 @@ xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp)
if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[0],
&tmp, ~0))
return FALSE;
+ if (tmp != objp->key_data_length[0])
+ return FALSE;
tmp = (unsigned int) objp->key_data_length[1];
if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[1],
&tmp, ~0))
return FALSE;
+ if (tmp != objp->key_data_length[1])
+ return FALSE;
/* don't need to copy tmp out, since key_data_length will be set
by the above encoding. */
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
