[krbdev.mit.edu #8576] git commit

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[krbdev.mit.edu #8576] git commit

Greg Hudson via RT

Make RC4 string-to-key more robust

krb5int_utf8cs_to_ucs2les() can read slightly beyond the end of the
input buffer if the buffer ends with an invalid UTF-8 sequence.  When
computing the RC4 string-to-key result, make a zero-terminated copy of
the input string and use krb5int_utf8s_to_ucs2les() instead.

Author: Greg Hudson <[hidden email]>
Commit: b8814745049b5f401e3ae39a81dc1e14598ae48c
Branch: master
 src/lib/crypto/krb/s2k_rc4.c |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

krb5-bugs mailing list
[hidden email]