]> git.ipfire.org Git - thirdparty/krb5.git/commitdiff
projects / thirdparty / krb5.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e2e5f38)
Check lengths in xdr_krb5_key_data()
authorGreg Hudson <ghudson@mit.edu>
Thu, 10 Apr 2025 00:19:02 +0000 (20:19 -0400)
committerGreg Hudson <ghudson@mit.edu>
Tue, 22 Apr 2025 18:51:10 +0000 (14:51 -0400)
Ensure that xdr_krb5_key_data() does not produce an inconsistent
representation if the serialized key_data_contents fields do not match
the corresponding byte array lengths.  (This function is only used by
libkadm5srv to serialize historical key data in per-principal kadmin
data.)

ticket: 9172 (new)

src/lib/kadm5/srv/adb_xdr.c patch | blob | blame | history

diff --git a/src/lib/kadm5/srv/adb_xdr.c b/src/lib/kadm5/srv/adb_xdr.c
index b6ffdb8c7a9941eb35658b4392a1bb657c7c4d21..b14cb96eed2215061034256eb31b705a719f13c5 100644 (file)
--- a/src/lib/kadm5/srv/adb_xdr.c
+++ b/src/lib/kadm5/srv/adb_xdr.c
@@ -36,11 +36,15 @@ xdr_krb5_key_data(XDR *xdrs, krb5_key_data *objp)
     if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[0],
                   &tmp, ~0))
        return FALSE;
+    if (tmp != objp->key_data_length[0])
+       return FALSE;
 
     tmp = (unsigned int) objp->key_data_length[1];
     if (!xdr_bytes(xdrs, (char **) &objp->key_data_contents[1],
                   &tmp, ~0))
        return FALSE;
+    if (tmp != objp->key_data_length[1])
+       return FALSE;
 
     /* don't need to copy tmp out, since key_data_length will be set
        by the above encoding. */
Mirror of https://github.com/krb5/krb5.git