[17069] in Kerberos-V5-bugs
[krbdev.mit.edu #9192] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Tue Jan 20 19:45:43 2026
From: "Greg Hudson via RT" <rt@krbdev.mit.edu>
In-Reply-To:
Message-ID: <rt-4.4.3-2-3221669-1768956337-826.9192-5-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9192":;
Date: Tue, 20 Jan 2026 19:45:37 -0500
MIME-Version: 1.0
Reply-To: rt@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9192 >
Fix minor logic errors
In k5_externalize_auth_context(), serialize the correct field when
local_port is set. This is not a reachable bug because the function
is only accessible via gss_export_sec_context(), and the GSS library
does not set a local port. Commit
e50f46b210ddafe85cc917e2571516ade46bc65f fixed a similar bug for
remote_port.
In krb5_pac_get_types(), correct the allocation of *types_out. (The
previous code was safe in spite of its incorrectness, because the size
of a pointer is at least as big as the size of uint32_t.)
Change make_spnego_tokenTarg_msg() to return 0 on success and -1 on
failure, to match make_spnego_tokenInit_msg() and the expectations of
its call sites. Commit fdceb225f881e2b1337eebcb9a9443fa4a9be3fd is
partly to blame as it changed the return type from int to OM_uint32,
but prior to that the function still returned GSS major codes rather
than -1 on error.
https://github.com/krb5/krb5/commit/5f4e17c8e2c31201628ab260f0991e8e47c8f1d2
Author: Greg Hudson <ghudson@mit.edu>
Commit: 5f4e17c8e2c31201628ab260f0991e8e47c8f1d2
Branch: master
src/lib/gssapi/spnego/spnego_mech.c | 10 +++++-----
src/lib/krb5/krb/pac.c | 2 +-
src/lib/krb5/krb/ser_actx.c | 2 +-
3 files changed, 7 insertions(+), 7 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
