Fix minor utf8-to-ucs2s read overrun bug

k5_utf8s_to_ucs2s() reads and ignores one extra byte from the input string before terminating its loop, possibly overrunning the input buffer of its caller. This overrun is typically without consequence, but can show up in tools like asan or valgrind during RC4 string-to-key operations. Fix the bug by swapping the order of the loop conditions. (cherry picked from commit eb52da21d72faa3d00b1205a5a0fdbabc45c9e6d) ticket: 8290 (new) version_fixed: 1.13.3 status: resolved
author: Greg Hudson <ghudson@mit.edu> 2015-09-25 17:31:53 -0400
committer: Tom Yu <tlyu@mit.edu> 2015-12-02 14:35:07 -0500
commit: 477b3c2c9cb76dc2832a488cda07f4171100b364 (patch)
tree: ac794b609d7723f210df68c7418b9d137f2d6846 /src
parent: 7403bd7c97821fe47e5d5ca83d216748aaa03d7e (diff)
download: krb5-477b3c2c9cb76dc2832a488cda07f4171100b364.zip
krb5-477b3c2c9cb76dc2832a488cda07f4171100b364.tar.gz
krb5-477b3c2c9cb76dc2832a488cda07f4171100b364.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/util/support/utf8_conv.c b/src/util/support/utf8_conv.c
index 1f6cc8f..80ca90b 100644
--- a/src/util/support/utf8_conv.c
+++ b/src/util/support/utf8_conv.c
@@ -84,7 +84,7 @@ k5_utf8s_to_ucs2s(krb5_ucs2 *ucs2str,
     }
 
     /* Examine next UTF-8 character.  */
-    while (*utf8str && ucs2len < count) {
+    while (ucs2len < count && *utf8str != '\0') {
         /* Get UTF-8 sequence length from 1st byte */
         utflen = KRB5_UTF8_CHARLEN2(utf8str, utflen);
author	Greg Hudson <ghudson@mit.edu>	2015-09-25 17:31:53 -0400
committer	Tom Yu <tlyu@mit.edu>	2015-12-02 14:35:07 -0500
commit	477b3c2c9cb76dc2832a488cda07f4171100b364 (patch)
tree	ac794b609d7723f210df68c7418b9d137f2d6846 /src
parent	7403bd7c97821fe47e5d5ca83d216748aaa03d7e (diff)
download	krb5-477b3c2c9cb76dc2832a488cda07f4171100b364.zip krb5-477b3c2c9cb76dc2832a488cda07f4171100b364.tar.gz krb5-477b3c2c9cb76dc2832a488cda07f4171100b364.tar.bz2