summaryrefslogtreecommitdiff
path: root/source4/heimdal/lib/gssapi/krb5/prf.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/heimdal/lib/gssapi/krb5/prf.c')
-rw-r--r--source4/heimdal/lib/gssapi/krb5/prf.c24
1 files changed, 15 insertions, 9 deletions
diff --git a/source4/heimdal/lib/gssapi/krb5/prf.c b/source4/heimdal/lib/gssapi/krb5/prf.c
index 323b4cc722..162a309709 100644
--- a/source4/heimdal/lib/gssapi/krb5/prf.c
+++ b/source4/heimdal/lib/gssapi/krb5/prf.c
@@ -47,18 +47,21 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
krb5_crypto crypto;
krb5_data input, output;
uint32_t num;
+ OM_uint32 junk;
unsigned char *p;
krb5_keyblock *key = NULL;
+ size_t dol;
if (ctx == NULL) {
*minor_status = 0;
return GSS_S_NO_CONTEXT;
}
- if (desired_output_len <= 0) {
+ if (desired_output_len <= 0 || prf_in->length + 4 < prf_in->length) {
*minor_status = 0;
return GSS_S_FAILURE;
}
+ dol = desired_output_len;
GSSAPI_KRB5_INIT (&context);
@@ -88,21 +91,20 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
return GSS_S_FAILURE;
}
- prf_out->value = malloc(desired_output_len);
+ prf_out->value = malloc(dol);
if (prf_out->value == NULL) {
_gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory");
*minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
krb5_crypto_destroy(context, crypto);
return GSS_S_FAILURE;
}
- prf_out->length = desired_output_len;
+ prf_out->length = dol;
HEIMDAL_MUTEX_lock(&ctx->ctx_id_mutex);
input.length = prf_in->length + 4;
input.data = malloc(prf_in->length + 4);
if (input.data == NULL) {
- OM_uint32 junk;
_gsskrb5_set_status(GSS_KRB5_S_KG_INPUT_TOO_LONG, "Out of memory");
*minor_status = GSS_KRB5_S_KG_INPUT_TOO_LONG;
gss_release_buffer(&junk, prf_out);
@@ -110,15 +112,17 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return GSS_S_FAILURE;
}
- memcpy(((unsigned char *)input.data) + 4, prf_in->value, prf_in->length);
+ memcpy(((uint8_t *)input.data) + 4, prf_in->value, prf_in->length);
num = 0;
p = prf_out->value;
- while(desired_output_len > 0) {
+ while(dol > 0) {
+ size_t tsize;
+
_gsskrb5_encode_om_uint32(num, input.data);
+
ret = krb5_crypto_prf(context, crypto, &input, &output);
if (ret) {
- OM_uint32 junk;
*minor_status = ret;
free(input.data);
gss_release_buffer(&junk, prf_out);
@@ -126,9 +130,11 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_status,
HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
return GSS_S_FAILURE;
}
- memcpy(p, output.data, min(desired_output_len, output.length));
+
+ tsize = min(dol, output.length);
+ memcpy(p, output.data, tsize);
p += output.length;
- desired_output_len -= output.length;
+ dol -= tsize;
krb5_data_free(&output);
num++;
}
generated by cgit (git 2.34.1) at 2024-05-20 21:41:55 +0000