From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 7 Dec 2015 17:16:41 +0000 (-0500)
Subject: Fix k5crypto NSS iov processing bug
X-Git-Tag: krb5-1.15-beta1~323
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=08fafff29a11e61036021196aaae8c303d1a5662;p=thirdparty%2Fkrb5.git

Fix k5crypto NSS iov processing bug

In k5_nss_gen_stream_iov(), don't stop processing the iov array if we
run across a zero-length iov.

ticket: 8300 (new)
target_version: 1.14-next
tags: pullup
---

diff --git a/src/lib/crypto/nss/enc_provider/enc_gen.c b/src/lib/crypto/nss/enc_provider/enc_gen.c
index 7022a78eed..cfe0d65e8e 100644
--- a/src/lib/crypto/nss/enc_provider/enc_gen.c
+++ b/src/lib/crypto/nss/enc_provider/enc_gen.c
@@ -307,7 +307,7 @@ k5_nss_gen_stream_iov(krb5_key krb_key, krb5_data *state,
         int return_length;
         iov = &data[i];
         if (iov->data.length <= 0)
-            break;
+            continue;
 
         if (ENCRYPT_IOV(iov)) {
             rv = PK11_CipherOp(ctx, (unsigned char *)iov->data.data,