[1243] in Kerberos-V5-bugs
krb5b4pl3: lib/crypto/md5/md5glue.c: needs to allocate memory for checksum
daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Tue Mar 21 14:31:02 1995
From: "Jonathan I. Kamens" <jik@cam.ov.com>
Date: Tue, 21 Mar 1995 14:34:06 -0500
To: krb5-bugs@MIT.EDU
As far as I can tell, checksum functions are supposed to allocate the
memory into which the checksums they generate are copied. I confirmed
this by checking the DES CBC checksum function, which does allocate
memory. The md5 checksum function, however, doesn't which I believe
is a bug.
Here's a patch:
--- md5glue.c 1995/03/21 19:29:01 1.1
+++ md5glue.c 1995/03/21 19:29:49
@@ -20,6 +20,9 @@
outcksum->checksum_type = CKSUMTYPE_RSA_MD5;
outcksum->length = RSA_MD5_CKSUM_LENGTH;
+ if (!(outcksum->contents = (krb5_octet *)malloc(16)))
+ return ENOMEM;
+
memcpy((char *)outcksum->contents, (char *)&working.digest[0], 16);
memset((char *)&working, 0, sizeof(working));
