Blame SOURCES/Include-length-when-using-krb5_c_decrypt.patch

From 5dec1aeb0a6080ea661061b52248e60afc969426 Mon Sep 17 00:00:00 2001
From: Robbie Harwood <rharwood@redhat.com>
Date: Tue, 16 Apr 2019 16:08:32 -0400
Subject: [PATCH] Include length when using krb5_c_decrypt()
For some enctypes, krb5_c_decrypt() will add padding bytes which are
included in the returned length.  However, functions which use the
objects we're storing aren't always prepared for that: in particular,
gss_import_cred() will declare a token invalid if there's trailing
garbage.
Work around this by including 4 bytes of length on encrypted objects.
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Merges: #244
(cherry picked from commit 87957caf541114f6f15a495dd7d30556dc5801d9)
---
 src/gp_export.c | 35 +++++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)
diff --git a/src/gp_export.c b/src/gp_export.c
index 7ad8037..aa0a8ec 100644
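--- a/src/gp_export.c
+++ b/src/gp_export.c
@@ -193,6 +193,9 @@ done:
     return ret_maj;
 }
 
+/* We need to include a length in our payloads because krb5_c_decrypt() will
+ * pad the contents for some enctypes, and gss_import_cred() doesn't like
+ * having extra bytes on tokens. */
 static int gp_encrypt_buffer(krb5_context context, krb5_keyblock *key,
                              size_t len, void *buf, octet_string *out)
 {
@@ -200,9 +203,27 @@ static int gp_encrypt_buffer(krb5_context context, krb5_keyblock *key,
     krb5_data data_in;
     krb5_enc_data enc_handle;
     size_t cipherlen;
+    char *packed = NULL;
+    uint32_t netlen;
 
-    data_in.length = len;
-    data_in.data = buf;
+    if (len > (uint32_t)(-1)) {
+        /* Needs to fit in 4 bytes of payload, so... */
+        ret = ENOMEM;
+        goto done;
+    }
+
+    packed = malloc(len);
+    if (!packed) {
+        ret = errno;
+        goto done;
+    }
+
+    netlen = htonl(len);
+    memcpy(packed, (uint8_t *)&netlen, 4);
+    memcpy(packed + 4, buf, len);
+
+    data_in.length = len + 4;
+    data_in.data = packed;
 
     memset(&enc_handle, '\0', sizeof(krb5_enc_data));
 
@@ -240,16 +261,19 @@ static int gp_encrypt_buffer(krb5_context context, krb5_keyblock *key,
     }
 
 done:
+    free(packed);
     free(enc_handle.ciphertext.data);
     return ret;
 }
 
+/* See comment above on gp_encrypt_buffer(). */
 static int gp_decrypt_buffer(krb5_context context, krb5_keyblock *key,
-                             octet_string *in, size_t *len, void *buf)
+                             octet_string *in, size_t *len, char *buf)
 {
     int ret;
     krb5_data data_out;
     krb5_enc_data enc_handle;
+    uint32_t netlen;
 
     memset(&enc_handle, '\0', sizeof(krb5_enc_data));
 
@@ -270,7 +294,10 @@ static int gp_decrypt_buffer(krb5_context context, krb5_keyblock *key,
         return ret;
     }
 
-    *len = data_out.length;
+    /* And handle the padding. */
+    memcpy(&netlen, buf, 4);
+    *len = ntohl(netlen);
+    memmove(buf, buf + 4, *len);
 
     return 0;
 }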
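Review bot: In gp_encrypt_buffer() the new buffer is allocated with `malloc(len)` but then receives the 4-byte length prefix plus `len` bytes of payload, so the second `memcpy` writes 4 bytes past the end of the heap allocation; it should be `malloc(len + 4)`, with the size guard tightened to `len > UINT32_MAX - 4` so that `data_in.length = len + 4` cannot wrap. Both new `goto done` paths also run before `memset(&enc_handle, ...)`, so `free(enc_handle.ciphertext.data)` at `done:` is called on an uninitialized pointer; moving the memset above the length check fixes that. In gp_decrypt_buffer() the decoded prefix is used as the `memmove` length without being compared against `data_out.length`, so a plaintext shorter than 4 bytes, or a prefix larger than the decrypted size, would read past the valid data; the fence below shows the checks I would add, assuming `buf` is the buffer behind `data_out`. Parts of both function bodies lie outside the hunks, so the exact placement relative to the unseen code should be confirmed.

```c
    /* … unchanged: declarations in gp_encrypt_buffer() … */
    /* Initialise before the first goto done, which frees ciphertext.data. */
    memset(&enc_handle, '\0', sizeof(krb5_enc_data));

    if (len > UINT32_MAX - 4) {
        /* Prefix plus payload must fit in the 32-bit data_in.length. */
        ret = ENOMEM;
        goto done;
    }

    packed = malloc(len + 4);
    /* … unchanged: NULL check, htonl(), both memcpy() calls, encryption … */

    /* gp_decrypt_buffer(), after krb5_c_decrypt() has succeeded */
    if (data_out.length < 4) {
        return EINVAL;
    }
    memcpy(&netlen, buf, 4);
    if (ntohl(netlen) > data_out.length - 4) {
        return EINVAL;
    }
    *len = ntohl(netlen);
    memmove(buf, buf + 4, *len);
```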