[17050] in Kerberos-V5-bugs

[krbdev.mit.edu #9181] git commit

daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Wed Aug 20 14:31:15 2025

From: "Greg Hudson via RT" <rt@krbdev.mit.edu>
In-Reply-To: 
Message-ID: <rt-4.4.3-2-4052512-1755714661-159.9181-5-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9181":;
Date: Wed, 20 Aug 2025 14:31:01 -0400
MIME-Version: 1.0
Reply-To: rt@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu


<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9181 >


Fix GSS per-message token edge cases

Change g_verify_token_header() not to modify *in when the ASN.1 length
does not match the expected value.  This edge case could result in
accepting an invalid ASN.1 wrapper when processing an RFC 1964 MIC or
wrap token.

Change decrypt_v3() to return GSS_S_BAD_SIG instead of GSS_S_FAILURE
when decryption fails, for specificity and consistency with previous
versions.

(cherry picked from commit a82922e097563aed650f9a3b17a52e3df12aa49b)

https://github.com/krb5/krb5/commit/39505dd399e35ff2812304073e54cac017667698
Author: Greg Hudson <ghudson@mit.edu>
Commit: 39505dd399e35ff2812304073e54cac017667698
Branch: krb5-1.22
 src/lib/gssapi/generic/util_token.c |   5 +-
 src/lib/gssapi/krb5/unwrap.c        |   2 +-
 src/tests/gssapi/t_invalid.c        | 177 +++++++++++++++++++++++++++++++++---
 3 files changed, 167 insertions(+), 17 deletions(-)

_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
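
The invariant stated in the commit message above (a failed header check must not modify the caller's input cursor), shown on a reduced header of tag 0x60 plus a DER length. This is an added illustration, not krb5's code or the patch itself: `struct cursor`, the function names and the sample tokens are hypothetical and constructed, and the mechanism OID check is omitted.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical input cursor; not krb5's own type. */
struct cursor { const uint8_t *ptr; size_t len; };

/* Read a DER definite length (short form, or 1-4 length octets). */
static int get_der_len(struct cursor *c, size_t *out)
{
    size_t n, v = 0;
    if (c->len < 1) return -1;
    n = *c->ptr++; c->len--;
    if (n < 0x80) { *out = n; return 0; }
    n &= 0x7f;
    if (n == 0 || n > 4 || n > c->len) return -1;
    while (n--) { v = (v << 8) | *c->ptr++; c->len--; }
    *out = v;
    return 0;
}

/* Edge-case pattern: on a length mismatch, *in is already advanced. */
int verify_in_place(struct cursor *in)
{
    size_t len;
    if (in->len < 1 || *in->ptr != 0x60) return 0;
    in->ptr++; in->len--;
    return get_der_len(in, &len) == 0 && len == in->len;
}

/* Hardened pattern: parse a copy, publish it to the caller only on success. */
int verify_commit_on_success(struct cursor *in)
{
    struct cursor c = *in;
    if (!verify_in_place(&c)) return 0;
    *in = c;
    return 1;
}

/* Constructed samples: declared length 5 vs. 3 content bytes, and a match. */
const uint8_t bad_token[] = { 0x60, 0x05, 0xAA, 0xBB, 0xCC };
const uint8_t good_token[] = { 0x60, 0x03, 0xAA, 0xBB, 0xCC };
int last_ok; /* verdict of the most recent consumed() call */
/* Run check over tok and return how many bytes the caller's cursor moved. */
size_t consumed(int (*check)(struct cursor *), const uint8_t *tok, size_t n)
{
    struct cursor in = { tok, n };
    last_ok = check(&in);
    return n - in.len;
}
```

A caller that keeps parsing from the cursor after a rejected header sees the wrapper bytes already skipped with the first variant and the untouched token with the second.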