[17044] in Kerberos-V5-bugs


[Comment] [krbdev.mit.edu #9181] verify_mic_v3 broken in 1.22

daemon@ATHENA.MIT.EDU (Cy Schubert via RT)
Sun Aug 17 11:22:36 2025

From: "Cy Schubert via RT" <rt-comment@krbdev.mit.edu>
In-Reply-To: <20250817152222.7CA8F281@slippy.cwsent.com>
Message-ID: <rt-4.4.3-2-3572882-1755444148-527.9181-8-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9181":;
Date: Sun, 17 Aug 2025 11:22:28 -0400
MIME-Version: 1.0
Reply-To: rt-comment@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu


https://krbdev.mit.edu/rt/Ticket/Display.html?id=9181
This is a comment.  It is not sent to the Requestor(s):

In message <rt-4.4.3-2-3518203-1755417866-577.9181-8-0@mit.edu>, "Cy Schubert via RT" writes:
> 
> https://krbdev.mit.edu/rt/Ticket/Display.html?id=9181
> This is a comment.  It is not sent to the Requestor(s):
>
> In message <rt-4.4.3-2-3487538-1755397890-231.9181-4-0@mit.edu>, "Francis Dupont via RT" writes:
> > 
> > Sat Aug 16 22:31:29 2025: Request 9181 was acted upon.
> >  Transaction: Ticket created by fdupont@isc.org
> >        Queue: krb5
> >      Subject: verify_mic_v3 broken in 1.22
> >        Owner: Nobody
> >   Requestors: fdupont@isc.org
> >       Status: new
> >  Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9181 >
> >
> >
> > The function verify_mic_v3() in src/lib/gssapi/krb5/verify_mic.c
> > calls kg_verify_checksum_v3() as it returns an OM_uint32 status
> > but kg_verify_checksum_v3() returns a krb5_boolean which has
> > the opposite interpretation:
> >  - OM_uint32 0 is GSS_S_COMPLETE so no error
> >  - krb5_boolean 0 is false so failure
> >
> > There are at least two ways to fix this:
> >  - modify verify_mic_v3() body
> >  - kg_verify_checksum_v3() to return an OM_uint32 and update the other
> >    call in unwrap_v3() in src/lib/gssapi/krb5/unwrap.c
>
> Wouldn't this fix it?
>
> diff --git a/crypto/krb5/src/lib/gssapi/krb5/verify_mic.c 
> b/crypto/krb5/src/lib/gssapi/krb5/verify_mic.c
> index 9852f49912a9..a9b146f90ba1 100644
> --- a/crypto/krb5/src/lib/gssapi/krb5/verify_mic.c
> +++ b/crypto/krb5/src/lib/gssapi/krb5/verify_mic.c
> @@ -90,7 +90,6 @@ verify_mic_v3(krb5_context context, OM_uint32 
> *minor_status,
>                krb5_gss_ctx_id_rec *ctx, struct k5input *in,
>                gss_buffer_t message)
>  {
> -    OM_uint32 status;
>      krb5_keyusage usage;
>      krb5_key key;
>      krb5_cksumtype cksumtype;
> @@ -124,12 +123,11 @@ verify_mic_v3(krb5_context context, OM_uint32 
> *minor_status,
>      }
>      assert(key != NULL);
>  
> -    status = kg_verify_checksum_v3(context, key, usage, cksumtype,
> +    if (!kg_verify_checksum_v3(context, key, usage, cksumtype,
>                                     KG2_TOK_MIC_MSG, flags, seqnum,
>                                     message->value, message->length,
> -                                   in->ptr, in->len);
> -    if (status != GSS_S_COMPLETE)
> -        return status;
> +                                   in->ptr, in->len))
> +        return (GSS_S_BAD_SIG);
>  
>      return g_seqstate_check(ctx->seqstate, seqnum);
>  }
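
Review bot: In the second hunk, the new failure branch returns GSS_S_BAD_SIG without assigning *minor_status, and nothing in the lines shown sets it before the checksum call; if it is not initialized earlier in verify_mic_v3(), set *minor_status = 0 before the return so callers do not read a stale value. Two style points on the same lines: the continuation lines of the call (KG2_TOK_MIC_MSG ..., message->value ..., in->ptr ...) keep the indentation they had under "status = kg_verify_checksum_v3(" and no longer line up under the first argument now that the call sits inside "if (!...", and "return (GSS_S_BAD_SIG);" uses parentheses where the neighbouring "return status;" and "return g_seqstate_check(...);" do not.
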
>

This won't work.


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

			e**(i*pi)+1=0



_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
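
The return-type mismatch described in the ticket, as an added example that is not part of the original thread or of krb5: toy_mic() and toy_verify_checksum() are hypothetical stand-ins (a non-cryptographic checksum) for kg_verify_checksum_v3(), and the two callers mirror the before and after shapes in the quoted diff. It shows that the status-style caller rejects a matching MIC with the meaningless value 1 and lets a mismatching MIC through.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in typedefs; constant values as defined by the GSS-API C bindings. */
typedef uint32_t OM_uint32;
typedef unsigned int krb5_boolean;
#define GSS_S_COMPLETE 0u
#define GSS_S_BAD_SIG  (6u << 16)

/* Hypothetical toy checksum (NOT cryptographic), used only as sample data. */
static uint8_t toy_mic(const char *msg)
{
    uint8_t sum = 0;
    while (*msg)
        sum = (uint8_t)(sum * 31u + (uint8_t)*msg++);
    return sum;
}

/* Stand-in for kg_verify_checksum_v3(): boolean, 1 = MIC matches. */
static krb5_boolean toy_verify_checksum(const char *msg, uint8_t mic)
{
    return toy_mic(msg) == mic;
}

/* "Before" shape: the boolean is stored and tested as a GSS major status. */
static OM_uint32 verify_mic_as_status(const char *msg, uint8_t mic)
{
    OM_uint32 status = toy_verify_checksum(msg, mic);
    if (status != GSS_S_COMPLETE)
        return status;       /* matching MIC: returns 1, not a GSS status */
    return GSS_S_COMPLETE;   /* stands in for g_seqstate_check() passing */
}

/* "After" shape: the boolean is tested as a boolean. */
static OM_uint32 verify_mic_as_boolean(const char *msg, uint8_t mic)
{
    if (!toy_verify_checksum(msg, mic))
        return GSS_S_BAD_SIG;
    return GSS_S_COMPLETE;
}

int main(void)
{
    const char *msg = "constructed sample message";
    uint8_t good = toy_mic(msg), bad = (uint8_t)(good ^ 0xff);
    printf("as status : good=%#x bad=%#x\n",
           (unsigned)verify_mic_as_status(msg, good), (unsigned)verify_mic_as_status(msg, bad));
    printf("as boolean: good=%#x bad=%#x\n",
           (unsigned)verify_mic_as_boolean(msg, good), (unsigned)verify_mic_as_boolean(msg, bad));
    return 0;
}
```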
