Skip Menu |
 

From: ghudson@mit.edu
Subject: git commit

Make RC4 string-to-key more robust

krb5int_utf8cs_to_ucs2les() can read slightly beyond the end of the
input buffer if the buffer ends with an invalid UTF-8 sequence. When
computing the RC4 string-to-key result, make a zero-terminated copy of
the input string and use krb5int_utf8s_to_ucs2les() instead.

https://github.com/krb5/krb5/commit/b8814745049b5f401e3ae39a81dc1e14598ae48c
Author: Greg Hudson <ghudson@mit.edu>
Commit: b8814745049b5f401e3ae39a81dc1e14598ae48c
Branch: master
src/lib/crypto/krb/s2k_rc4.c | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Make RC4 string-to-key more robust

krb5int_utf8cs_to_ucs2les() can read slightly beyond the end of the
input buffer if the buffer ends with an invalid UTF-8 sequence. When
computing the RC4 string-to-key result, make a zero-terminated copy of
the input string and use krb5int_utf8s_to_ucs2les() instead.

(cherry picked from commit b8814745049b5f401e3ae39a81dc1e14598ae48c)

https://github.com/krb5/krb5/commit/2514453d616bafe47beacc73f695ae6d4701ae19
Author: Greg Hudson <ghudson@mit.edu>
Commit: 2514453d616bafe47beacc73f695ae6d4701ae19
Branch: krb5-1.14
src/lib/crypto/krb/s2k_rc4.c | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)
From: ghudson@mit.edu
Subject: git commit

Make RC4 string-to-key more robust

krb5int_utf8cs_to_ucs2les() can read slightly beyond the end of the
input buffer if the buffer ends with an invalid UTF-8 sequence. When
computing the RC4 string-to-key result, make a zero-terminated copy of
the input string and use krb5int_utf8s_to_ucs2les() instead.

(cherry picked from commit b8814745049b5f401e3ae39a81dc1e14598ae48c)

https://github.com/krb5/krb5/commit/86512c5713a6e2dc39c95b30c1299a484d30d58e
Author: Greg Hudson <ghudson@mit.edu>
Commit: 86512c5713a6e2dc39c95b30c1299a484d30d58e
Branch: krb5-1.15
src/lib/crypto/krb/s2k_rc4.c | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)