[17043] in Kerberos-V5-bugs
[Comment] [krbdev.mit.edu #9181] verify_mic_v3 broken in 1.22
daemon@ATHENA.MIT.EDU (Cy Schubert via RT)
Sun Aug 17 04:04:37 2025
From: "Cy Schubert via RT" <rt-comment@krbdev.mit.edu>
In-Reply-To: <20250817080423.03EB8412@slippy.cwsent.com>
Message-ID: <rt-4.4.3-2-3518203-1755417866-577.9181-8-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9181":;
Date: Sun, 17 Aug 2025 04:04:26 -0400
MIME-Version: 1.0
Reply-To: rt-comment@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
https://krbdev.mit.edu/rt/Ticket/Display.html?id=9181
This is a comment. It is not sent to the Requestor(s):
In message <rt-4.4.3-2-3487538-1755397890-231.9181-4-0@mit.edu>,
"Francis Dupont via RT" writes:
>
> Sat Aug 16 22:31:29 2025: Request 9181 was acted upon.
> Transaction: Ticket created by fdupont@isc.org
> Queue: krb5
> Subject: verify_mic_v3 broken in 1.22
> Owner: Nobody
> Requestors: fdupont@isc.org
> Status: new
> Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9181 >
>
>
> The function verify_mic_v3() in src/lib/gssapi/krb5/verify_mic.c
> calls kg_verify_checksum_v3() as it returns an OM_uint32 status
> but kg_verify_checksum_v3() returns a krb5_boolean which has
> the opposite interpretation:
> - OM_uint32 0 is GSS_S_COMPLETE so no error
> - krb5_boolean 0 is false so failure
>
> There are at least two ways to fix this:
> - modify verify_mic_v3() body
> - kg_verify_checksum_v3() to return an OM_uint32 and update the other
> call in unwrap_v3() in src/lib/gssapi/krb5/unwrap.c
Wouldn't this fix it?
diff --git a/crypto/krb5/src/lib/gssapi/krb5/verify_mic.c
b/crypto/krb5/src/lib/gssapi/krb5/verify_mic.c
index 9852f49912a9..a9b146f90ba1 100644
--- a/crypto/krb5/src/lib/gssapi/krb5/verify_mic.c
+++ b/crypto/krb5/src/lib/gssapi/krb5/verify_mic.c
@@ -90,7 +90,6 @@ verify_mic_v3(krb5_context context, OM_uint32
*minor_status,
krb5_gss_ctx_id_rec *ctx, struct k5input *in,
gss_buffer_t message)
{
- OM_uint32 status;
krb5_keyusage usage;
krb5_key key;
krb5_cksumtype cksumtype;
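Review bot: The file headers name crypto/krb5/src/lib/gssapi/krb5/verify_mic.c, while the ticket refers to src/lib/gssapi/krb5/verify_mic.c; say which tree the diff was generated against, or regenerate it relative to the krb5 source root, so it applies without path stripping. Removing the `status` local here is only valid together with the following hunk, which removes the uses of it shown in this function.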
@@ -124,12 +123,11 @@ verify_mic_v3(krb5_context context, OM_uint32
*minor_status,
}
assert(key != NULL);
- status = kg_verify_checksum_v3(context, key, usage, cksumtype,
+ if (!kg_verify_checksum_v3(context, key, usage, cksumtype,
KG2_TOK_MIC_MSG, flags, seqnum,
message->value, message->length,
- in->ptr, in->len);
- if (status != GSS_S_COMPLETE)
- return status;
+ in->ptr, in->len))
+ return (GSS_S_BAD_SIG);
return g_seqstate_check(ctx->seqstate, seqnum);
}
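Review bot: The new `if (!kg_verify_checksum_v3(...))` branch corrects only this caller, and the ticket names a second call in unwrap_v3(); confirm that call site also treats the krb5_boolean result as true-on-success, or change the helper's return type as the ticket's second option suggests. With the removed lines a false (0) result compared equal to GSS_S_COMPLETE and fell through to g_seqstate_check(), so a regression test that presents a MIC token with a corrupted checksum and expects GSS_S_BAD_SIG belongs with this change. Style: `return (GSS_S_BAD_SIG);` is parenthesized while the adjacent `return g_seqstate_check(ctx->seqstate, seqnum);` is not; drop the parentheses to match.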
>
> Regards
>
> Francis Dupont <fdupont@isc.org>
>
> PS: this bug breaks unit tests checking the GSS_C_INTEG_FLAG of a GSS TSIG
> code on FreeBSD and macOS, two systems where 1.22 was installed.
>
> _______________________________________________
> krb5-bugs mailing list
> krb5-bugs@mit.edu
> https://mailman.mit.edu/mailman/listinfo/krb5-bugs
>
--
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org
NTP: <cy@nwtime.org> Web: https://nwtime.org
e**(i*pi)+1=0
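
The return-convention mismatch described in the ticket, shown as an added example that is not code from krb5 or from either poster. The types are local stand-ins, and toy_verify_checksum() with its one-byte additive sum is a hypothetical placeholder that models only the true-on-success convention of kg_verify_checksum_v3().

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Local stand-ins for the GSS-API/krb5 names used in the ticket (assumed). */
typedef uint32_t OM_uint32;
typedef unsigned int krb5_boolean;
#define GSS_S_COMPLETE 0u
#define GSS_S_BAD_SIG  (6u << 16)   /* routine error 6, as in RFC 2744 */

/* Hypothetical toy checker, not a real MIC: TRUE (1) when the sum matches. */
static krb5_boolean toy_verify_checksum(const uint8_t *msg, size_t len,
                                        uint8_t cksum)
{
    uint8_t sum = 0;
    for (size_t i = 0; i < len; i++)
        sum = (uint8_t)(sum + msg[i]);
    return sum == cksum;
}

/* Pattern reported in the ticket: the boolean is stored in a status word and
 * compared with GSS_S_COMPLETE (0), so TRUE reads as error, FALSE as success. */
OM_uint32 verify_mic_buggy(const uint8_t *msg, size_t len, uint8_t cksum)
{
    OM_uint32 status = toy_verify_checksum(msg, len, cksum);
    if (status != GSS_S_COMPLETE)
        return status;
    return GSS_S_COMPLETE;          /* stands in for the sequence check */
}

/* Pattern from the proposed patch: test the boolean, map FALSE to an error. */
OM_uint32 verify_mic_fixed(const uint8_t *msg, size_t len, uint8_t cksum)
{
    if (!toy_verify_checksum(msg, len, cksum))
        return GSS_S_BAD_SIG;
    return GSS_S_COMPLETE;
}

/* Constructed sample input: the bytes of "hello" sum to 0x14 modulo 256. */
static const uint8_t sample_msg[] = "hello";
enum { SAMPLE_LEN = 5, GOOD_CKSUM = 0x14, BAD_CKSUM = 0x15 };

int main(void)
{
    const uint8_t sums[2] = { GOOD_CKSUM, BAD_CKSUM };
    for (int i = 0; i < 2; i++)
        printf("cksum 0x%02x: buggy=0x%x fixed=0x%x\n", (unsigned)sums[i],
               (unsigned)verify_mic_buggy(sample_msg, SAMPLE_LEN, sums[i]),
               (unsigned)verify_mic_fixed(sample_msg, SAMPLE_LEN, sums[i]));
    return 0;
}
```

The buggy form is wrong in both directions: a matching checksum comes back as the non-zero value 1, and a mismatching one comes back as GSS_S_COMPLETE.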