HEIMDAL:lib/krb5: Harden ARCFOUR_sub{en,de}crypt()

Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
author: Volker Lendecke <vl@samba.org> 2016-11-18 18:02:30 +0000
committer: Stefan Metzmacher <metze@samba.org> 2016-12-20 07:51:14 +0100
commit: c15464f886f9734982123d38594073601d49f151 (patch)
tree: ed045bb10a8d7b8ae849388ec9bd1ae3326edca5 /source4/heimdal
parent: fb318ab0203297019c5e47c6bef4a9abfdeea8a5 (diff)
download: samba-c15464f886f9734982123d38594073601d49f151.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/source4/heimdal/lib/krb5/crypto-arcfour.c b/source4/heimdal/lib/krb5/crypto-arcfour.c
index e16b70cca40..2289e7deedb 100644
--- a/source4/heimdal/lib/krb5/crypto-arcfour.c
+++ b/source4/heimdal/lib/krb5/crypto-arcfour.c
@@ -139,6 +139,10 @@ ARCFOUR_subencrypt(krb5_context context,
     unsigned char k1_c_data[16], k2_c_data[16], k3_c_data[16];
     krb5_error_code ret;
 
+    if (len < 16) {
+	    return KRB5KRB_AP_ERR_INAPP_CKSUM;
+    }
+
     t[0] = (usage >>  0) & 0xFF;
     t[1] = (usage >>  8) & 0xFF;
     t[2] = (usage >> 16) & 0xFF;
@@ -207,6 +211,10 @@ ARCFOUR_subdecrypt(krb5_context context,
     unsigned char cksum_data[16];
     krb5_error_code ret;
 
+    if (len < 16) {
+	    return KRB5KRB_AP_ERR_INAPP_CKSUM;
+    }
+
     t[0] = (usage >>  0) & 0xFF;
     t[1] = (usage >>  8) & 0xFF;
     t[2] = (usage >> 16) & 0xFF;
author	Volker Lendecke <vl@samba.org>	2016-11-18 18:02:30 +0000
committer	Stefan Metzmacher <metze@samba.org>	2016-12-20 07:51:14 +0100
commit	c15464f886f9734982123d38594073601d49f151 (patch)
tree	ed045bb10a8d7b8ae849388ec9bd1ae3326edca5 /source4/heimdal
parent	fb318ab0203297019c5e47c6bef4a9abfdeea8a5 (diff)
download	samba-c15464f886f9734982123d38594073601d49f151.tar.gz