Skip to content

Commit

Permalink
Clear DES key (schedule) in unwrap BAD_MIC case
Browse files Browse the repository at this point in the history 
We generally clear out the cryptographic key and key schedule from
local variables before relinquishing control flow, but this case was
missed.  Reported by jhb@FreeBSD.org.
  • Loading branch information
@kaduk @jaltman
kaduk authored and jaltman committed Sep 22, 2018
1 parent 1feff82 commit 56fe2f8
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion lib/gssapi/krb5/unwrap.c
View file
Expand Up @@ -135,8 +135,11 @@ unwrap_des
DES_set_key_unchecked (&deskey, &schedule);
DES_cbc_cksum ((void *)hash, (void *)hash, sizeof(hash),
&schedule, &zero);
if (ct_memcmp (p - 8, hash, 8) != 0)
if (ct_memcmp (p - 8, hash, 8) != 0) {
memset_s(&deskey, sizeof(deskey), 0, sizeof(deskey));
memset_s(&schedule, sizeof(schedule), 0, sizeof(schedule));
return GSS_S_BAD_MIC;
}

/* verify sequence number */

Expand Down

0 comments on commit 56fe2f8

Please sign in to comment.