packages/krb5
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
krb5/backport-Allow-null-keyblocks-in-IOV-checksum-functions.patch
wjiang 023d8f06f2 backport patches from upstream
2024-12-04 16:23:25 +08:00

67 lines
2.4 KiB
Diff
Raw Blame History

From 6217454323b39cedb1b03ac161ecb0ade3ad84e6 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Sun, 20 Oct 2024 02:09:26 -0400
Subject: [PATCH] Allow null keyblocks in IOV checksum functions
Null keyblocks are allowed by the libk5crypto checksum functions when
the checksum type is not keyed. However, krb5_c_make_checksum_iov()
and krb5_c_verify_checksum_iov() crash on null keyblock inputs because
they do not check before converting to krb5_key as their non-IOV
variants do. Add the missing null checks.
ticket: 9146 (new)
---
src/lib/crypto/krb/make_checksum_iov.c | 10 ++++++----
src/lib/crypto/krb/verify_checksum_iov.c | 10 ++++++----
2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/src/lib/crypto/krb/make_checksum_iov.c b/src/lib/crypto/krb/make_checksum_iov.c
index 549180d..84e98b1 100644
--- a/src/lib/crypto/krb/make_checksum_iov.c
+++ b/src/lib/crypto/krb/make_checksum_iov.c
@@ -81,12 +81,14 @@ krb5_c_make_checksum_iov(krb5_context context,
krb5_crypto_iov *data,
size_t num_data)
{
- krb5_key key;
+ krb5_key key = NULL;
krb5_error_code ret;
- ret = krb5_k_create_key(context, keyblock, &key);
- if (ret != 0)
- return ret;
+ if (keyblock != NULL) {
+ ret = krb5_k_create_key(context, keyblock, &key);
+ if (ret != 0)
+ return ret;
+ }
ret = krb5_k_make_checksum_iov(context, cksumtype, key, usage,
data, num_data);
krb5_k_free_key(context, key);
diff --git a/src/lib/crypto/krb/verify_checksum_iov.c b/src/lib/crypto/krb/verify_checksum_iov.c
index fc76c0e..47a25a9 100644
--- a/src/lib/crypto/krb/verify_checksum_iov.c
+++ b/src/lib/crypto/krb/verify_checksum_iov.c
@@ -88,12 +88,14 @@ krb5_c_verify_checksum_iov(krb5_context context,
size_t num_data,
krb5_boolean *valid)
{
- krb5_key key;
+ krb5_key key = NULL;
krb5_error_code ret;
- ret = krb5_k_create_key(context, keyblock, &key);
- if (ret != 0)
- return ret;
+ if (keyblock != NULL) {
+ ret = krb5_k_create_key(context, keyblock, &key);
+ if (ret != 0)
+ return ret;
+ }
ret = krb5_k_verify_checksum_iov(context, checksum_type, key, usage, data,
num_data, valid);
krb5_k_free_key(context, key);
--
2.43.0
Reference in New Issue View Git Blame Copy Permalink