[27912] in CVS-changelog-for-Kerberos-V5

krb5 commit: Fix FAST critical option bit checking

daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Sep 3 19:44:02 2013

Date: Tue, 3 Sep 2013 19:43:50 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201309032343.r83Nhon7016160@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/95b03a6fef4b86d1f8fac0a6ef92e86d836e261f
commit 95b03a6fef4b86d1f8fac0a6ef92e86d836e261f
Author: Greg Hudson <ghudson@mit.edu>
Date:   Sat Aug 31 11:46:58 2013 -0400

    Fix FAST critical option bit checking
    
    The FAST option bits 0-15 are intended to be critical--if they are
    present and a KDC does not support them, the KDC is supposed to fail
    the request.  Because of an incorrect constant, we were erroneously
    recognizing bits 24-31 as critical.  Fix the constant.
    
    ticket: 7701 (new)

 src/include/k5-int.h |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index d6f9325..5119e66 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -776,8 +776,8 @@ typedef struct _krb5_fast_req {
     krb5_kdc_req *req_body;
 } krb5_fast_req;
 
-/* Bits 0-15 are critical in fast options.*/
-#define UNSUPPORTED_CRITICAL_FAST_OPTIONS 0x00ff
+/* Bits 0-15 are critical in FAST options (RFC 6113 section 7.3). */
+#define UNSUPPORTED_CRITICAL_FAST_OPTIONS   0xbfff0000
 #define KRB5_FAST_OPTION_HIDE_CLIENT_NAMES  0x40000000
 
 typedef struct _krb5_fast_finished {
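Review bot: The new value on the added `#define UNSUPPORTED_CRITICAL_FAST_OPTIONS   0xbfff0000` line is a magic number whose derivation the comment above it does not explain. 0xbfff0000 is the high 16 bits (0xffff0000) with 0x40000000 cleared, and 0x40000000 is KRB5_FAST_OPTION_HIDE_CLIENT_NAMES on the following line, so the mask really means "critical bits minus the one option that is supported". Suggest saying that in the comment, along with the fact that bit 0 is the most significant bit (the old 0x00ff suggests the numbering was the source of the bug), and deriving the mask from the option constant, for example `(0xffff0000 & ~KRB5_FAST_OPTION_HIDE_CLIENT_NAMES)` with that define moved above it, so that a later supported critical option has one obvious place to be excluded. The diffstat shows only k5-int.h changed; a test that sends a request with an unassigned critical bit set and expects the KDC to fail it would keep this check from regressing silently.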
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
