krb5 commit: Fix FAST critical option bit checking
Greg Hudson
ghudson at MIT.EDU
Tue Sep 3 19:43:50 EDT 2013
https://github.com/krb5/krb5/commit/95b03a6fef4b86d1f8fac0a6ef92e86d836e261f
commit 95b03a6fef4b86d1f8fac0a6ef92e86d836e261f
Author: Greg Hudson <ghudson at mit.edu>
Date: Sat Aug 31 11:46:58 2013 -0400
Fix FAST critical option bit checking
The FAST option bits 0-15 are intended to be critical--if they are
present and a KDC does not support them, the KDC is supposed to fail
the request. Because of an incorrect constant, we were erroneously
recognizing bits 24-31 as critical. Fix the constant.
ticket: 7701 (new)
src/include/k5-int.h | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index d6f9325..5119e66 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -776,8 +776,8 @@ typedef struct _krb5_fast_req {
krb5_kdc_req *req_body;
} krb5_fast_req;
-/* Bits 0-15 are critical in fast options.*/
-#define UNSUPPORTED_CRITICAL_FAST_OPTIONS 0x00ff
+/* Bits 0-15 are critical in FAST options (RFC 6113 section 7.3). */
+#define UNSUPPORTED_CRITICAL_FAST_OPTIONS 0xbfff0000
#define KRB5_FAST_OPTION_HIDE_CLIENT_NAMES 0x40000000
typedef struct _krb5_fast_finished {
More information about the cvs-krb5
mailing list