summaryrefslogtreecommitdiff
path: root/src/lib/gssapi/krb5/k5sealv3.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/gssapi/krb5/k5sealv3.c')
-rw-r--r--src/lib/gssapi/krb5/k5sealv3.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/src/lib/gssapi/krb5/k5sealv3.c b/src/lib/gssapi/krb5/k5sealv3.c
index 1a5c14c2713b..25d9f2711825 100644
--- a/src/lib/gssapi/krb5/k5sealv3.c
+++ b/src/lib/gssapi/krb5/k5sealv3.c
@@ -110,6 +110,7 @@ gss_krb5int_make_seal_token_v3 (krb5_context context,
krb5_data plain;
krb5_enc_data cipher;
size_t ec_max;
+ size_t encrypt_size;
/* 300: Adds some slop. */
if (SIZE_MAX - 300 < message->length)
@@ -128,7 +129,12 @@ gss_krb5int_make_seal_token_v3 (krb5_context context,
return err;
/* Get size of ciphertext. */
- bufsize = 16 + krb5_encrypt_size (plain.length, key->keyblock.enctype);
+ encrypt_size = krb5_encrypt_size(plain.length, key->keyblock.enctype);
+ if (encrypt_size > SIZE_MAX / 2) {
+ err = ENOMEM;
+ goto error;
+ }
+ bufsize = 16 + encrypt_size;
/* Allocate space for header plus encrypted data. */
outbuf = gssalloc_malloc(bufsize);
if (outbuf == NULL) {
@@ -301,7 +307,7 @@ gss_krb5int_unseal_token_v3(krb5_context *contextptr,
int *conf_state, gss_qop_t *qop_state, int toktype)
{
krb5_context context = *contextptr;
- krb5_data plain;
+ krb5_data plain = empty_data();
uint64_t seqnum;
size_t ec, rrc;
int key_usage;
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-07 13:49:59 +0000