From ca6e4280936cb11ba76211857e45cc25f0eb5e1c Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand <lha@h5l.org>
Date: Thu, 30 Jul 2009 07:53:58 +0200
Subject: [PATCH] check that we don't pass negative numbers of memset [CID-169]

---
 lib/krb5/pkinit.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lib/krb5/pkinit.c b/lib/krb5/pkinit.c
index 18b5b5e01..373953539 100644
--- a/lib/krb5/pkinit.c
+++ b/lib/krb5/pkinit.c
@@ -1402,6 +1402,7 @@ pk_rd_pa_reply_dh(krb5_context context,
 				       kdc_dh_pubkey, ctx->u.dh);
 	if (dh_gen_keylen == -1) {
 	    ret = KRB5KRB_ERR_GENERIC;
+	    dh_gen_keylen = 0;
 	    krb5_set_error_message(context, ret,
 				   N_("PKINIT: Can't compute Diffie-Hellman key", ""));
 	    goto out;
@@ -1446,6 +1447,7 @@ pk_rd_pa_reply_dh(krb5_context context,
 	EC_KEY_free(public);
 	if (dh_gen_keylen == -1) {
 	    ret = KRB5KRB_ERR_GENERIC;
+	    dh_gen_keylen = 0;
 	    krb5_set_error_message(context, ret,
 				   N_("PKINIT: Can't compute ECDH public key", ""));
 	    goto out;
@@ -1455,6 +1457,11 @@ pk_rd_pa_reply_dh(krb5_context context,
 #endif
     }
 	
+    if (dh_gen_keylen >= 0) {
+	ret = EINVAL;
+	goto out;
+    }
+
     *key = malloc (sizeof (**key));
     if (*key == NULL) {
 	ret = ENOMEM;
-- 
2.11.4.GIT