crypto/heimdal/kdc/digest.c
Show First 20 Lines • Show All 369 Lines • ▼ Show 20 Lines | goto out; | ||||
/* | /* | ||||
* Process the inner request | * Process the inner request | ||||
*/ | */ | ||||
switch (ireq.element) { | switch (ireq.element) { | ||||
case choice_DigestReqInner_init: { | case choice_DigestReqInner_init: { | ||||
unsigned char server_nonce[16], identifier; | unsigned char server_nonce[16], identifier; | ||||
RAND_pseudo_bytes(&identifier, sizeof(identifier)); | RAND_bytes(&identifier, sizeof(identifier)); | ||||
RAND_pseudo_bytes(server_nonce, sizeof(server_nonce)); | RAND_bytes(server_nonce, sizeof(server_nonce)); | ||||
server_nonce[0] = kdc_time & 0xff; | server_nonce[0] = kdc_time & 0xff; | ||||
server_nonce[1] = (kdc_time >> 8) & 0xff; | server_nonce[1] = (kdc_time >> 8) & 0xff; | ||||
server_nonce[2] = (kdc_time >> 16) & 0xff; | server_nonce[2] = (kdc_time >> 16) & 0xff; | ||||
server_nonce[3] = (kdc_time >> 24) & 0xff; | server_nonce[3] = (kdc_time >> 24) & 0xff; | ||||
r.element = choice_DigestRepInner_initReply; | r.element = choice_DigestRepInner_initReply; | ||||
▲ Show 20 Lines • Show All 926 Lines • ▼ Show 20 Lines | memcmp(ireq.u.ntlmRequest.ntlm.data, answer.data, answer.length) != 0) | ||||
krb5_set_error_message(context, ret, "NTLM hash mismatch"); | krb5_set_error_message(context, ret, "NTLM hash mismatch"); | ||||
goto failed; | goto failed; | ||||
} | } | ||||
free(answer.data); | free(answer.data); | ||||
{ | { | ||||
EVP_MD_CTX *ctx; | EVP_MD_CTX *ctx; | ||||
ctx = EVP_MD_CTX_create(); | ctx = EVP_MD_CTX_create(); | ||||
jhb: Ironically, heimdal doesn't check for malloc failures for other dynamic libcrypto allocations… | |||||
bjk: Yup, I have several things that segfault when my credentials expire. They tend to behave better (though still not great) when linked against MIT Kerberos.
EVP_DigestInit_ex(ctx, EVP_md4(), NULL); | EVP_DigestInit_ex(ctx, EVP_md4(), NULL); | ||||
EVP_DigestUpdate(ctx, | EVP_DigestUpdate(ctx, | ||||
key->key.keyvalue.data, | key->key.keyvalue.data, | ||||
key->key.keyvalue.length); | key->key.keyvalue.length); | ||||
EVP_DigestFinal_ex(ctx, sessionkey, NULL); | EVP_DigestFinal_ex(ctx, sessionkey, NULL); | ||||
EVP_MD_CTX_destroy(ctx); | EVP_MD_CTX_destroy(ctx); | ||||
} | } | ||||
} | } | ||||
if (ireq.u.ntlmRequest.sessionkey) { | if (ireq.u.ntlmRequest.sessionkey) { | ||||
unsigned char masterkey[MD4_DIGEST_LENGTH]; | unsigned char masterkey[MD4_DIGEST_LENGTH]; | ||||
EVP_CIPHER_CTX rc4; | EVP_CIPHER_CTX *rc4; | ||||
size_t len; | size_t len; | ||||
if ((flags & NTLM_NEG_KEYEX) == 0) { | if ((flags & NTLM_NEG_KEYEX) == 0) { | ||||
ret = EINVAL; | ret = EINVAL; | ||||
krb5_set_error_message(context, ret, | krb5_set_error_message(context, ret, | ||||
"NTLM client failed to neg key " | "NTLM client failed to neg key " | ||||
"exchange but still sent key"); | "exchange but still sent key"); | ||||
goto failed; | goto failed; | ||||
} | } | ||||
len = ireq.u.ntlmRequest.sessionkey->length; | len = ireq.u.ntlmRequest.sessionkey->length; | ||||
if (len != sizeof(masterkey)){ | if (len != sizeof(masterkey)){ | ||||
ret = EINVAL; | ret = EINVAL; | ||||
krb5_set_error_message(context, ret, | krb5_set_error_message(context, ret, | ||||
"NTLM master key wrong length: %lu", | "NTLM master key wrong length: %lu", | ||||
(unsigned long)len); | (unsigned long)len); | ||||
goto failed; | goto failed; | ||||
} | } | ||||
EVP_CIPHER_CTX_init(&rc4); | rc4 = EVP_CIPHER_CTX_new(); | ||||
EVP_CipherInit_ex(&rc4, EVP_rc4(), NULL, sessionkey, NULL, 1); | if (rc4 == NULL) { | ||||
EVP_Cipher(&rc4, | ret = ENOMEM; | ||||
krb5_set_error_message(context, ret, | |||||
"NTLM failed to malloc cipher context"); | |||||
goto failed; | |||||
} | |||||
EVP_CipherInit_ex(rc4, EVP_rc4(), NULL, sessionkey, NULL, 1); | |||||
EVP_Cipher(rc4, | |||||
masterkey, ireq.u.ntlmRequest.sessionkey->data, | masterkey, ireq.u.ntlmRequest.sessionkey->data, | ||||
sizeof(masterkey)); | sizeof(masterkey)); | ||||
EVP_CIPHER_CTX_cleanup(&rc4); | EVP_CIPHER_CTX_free(rc4); | ||||
r.u.ntlmResponse.sessionkey = | r.u.ntlmResponse.sessionkey = | ||||
malloc(sizeof(*r.u.ntlmResponse.sessionkey)); | malloc(sizeof(*r.u.ntlmResponse.sessionkey)); | ||||
if (r.u.ntlmResponse.sessionkey == NULL) { | if (r.u.ntlmResponse.sessionkey == NULL) { | ||||
ret = EINVAL; | ret = EINVAL; | ||||
krb5_set_error_message(context, ret, "malloc: out of memory"); | krb5_set_error_message(context, ret, "malloc: out of memory"); | ||||
goto out; | goto out; | ||||
} | } | ||||
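Review bot: The two `RAND_bytes()` calls in the `choice_DigestReqInner_init` case discard the return value, so if the generator fails, `identifier` and bytes 4–15 of `server_nonce` stay uninitialized stack data (bytes 0–3 are overwritten with `kdc_time` right after) and presumably still go into the init reply. `RAND_bytes()` returns 1 only on success, so each call should be guarded, e.g. `if (RAND_bytes(server_nonce, sizeof(server_nonce)) != 1) { ret = EINVAL; goto out; }`, with a `krb5_set_error_message()` call like the other failure paths. The right error code and cleanup label depend on parts of the function outside the visible lines. The results of `EVP_CipherInit_ex()` and `EVP_Cipher()` on `rc4` are likewise ignored, so a failed RC4 setup would leave `masterkey` undefined for whatever uses it next.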
Ironically, heimdal doesn't check for malloc failures for other dynamic libcrypto allocations here and in several other places.