git.ipfire.org Git - thirdparty/krb5.git/commit

]> git.ipfire.org Git - thirdparty/krb5.git/commit

projects / thirdparty / krb5.git / commit

author	Greg Hudson <ghudson@mit.edu>
	Sat, 15 Apr 2017 01:41:20 +0000 (21:41 -0400)
committer	Greg Hudson <ghudson@mit.edu>
	Mon, 17 Apr 2017 17:28:07 +0000 (13:28 -0400)
commit	b8814745049b5f401e3ae39a81dc1e14598ae48c
tree	af6cf6e79392c2655bcc352758ee75ead9205c0c	tree
parent	184656dd268d3041b4fc5283ce6ddfbddfd81929	commit \| diff

Make RC4 string-to-key more robust

krb5int_utf8cs_to_ucs2les() can read slightly beyond the end of the
input buffer if the buffer ends with an invalid UTF-8 sequence. When
computing the RC4 string-to-key result, make a zero-terminated copy of
the input string and use krb5int_utf8s_to_ucs2les() instead.

ticket: 8576 (new)
target_version: 1.15-next
target_version: 1.14-next
tags: pullup

src/lib/crypto/krb/s2k_rc4.c

diff | blob | blame | history

Mirror of https://github.com/krb5/krb5.git

RSS Atom