KRB5KRB_AP_ERR_MODIFIED: MIT Kerberos 1.8.1 & arcfour-hmac-md5 session key
Tom Yu
tlyu at MIT.EDU
Fri Jun 4 15:07:18 EDT 2010
Richard Silverman <res at qoxp.net> writes:
> On Fri, 4 Jun 2010, Greg Hudson wrote:
>
>> On Fri, 2010-06-04 at 12:24 -0400, Richard E. Silverman wrote:
>>> I tracked down the bug.
>>
>> With apologies for being a pain in the butt, I'm not sure we understand
>> the situation well enough to safely make a change.
>
> Not at all; it has to be done right.
>
>> Providing zero-length input data is not the same as not providing any
>> input data.
>
> I don't understand your point here -- from a calling perspective of course
> they are distinguishable, but they *mean* the same thing, do they not? I
> mean, the AP_REQ either has application data accompanying it, or it
> doesn't. What does a null in_data pointer indicate in that regard that a
> pointer to an empty buffer doesn't (or vice versa)?
A string of zero length is different from an absent string. Among
other things, they are encoded differently in the protocol.
>> The change you suggested could have interoperability or security
>> ramifications if an application genuinely wants to checksum the empty
>> string in an authenticator.
>
> This is a matter of the spec, isn't it? It's not a question of what an
> application *wants* to do; it's a question of what is *supposed* to be
> done when there is no application data. The RFC says of the checksum:
>
> 5.3.2. Authenticators
> ...
> cksum This field contains a checksum of the the application data
> that accompanies the KRB_AP_REQ.
>
> ... and says nothing further about how to treat the situation of no
> application data. In particular, it does not specify some special action
> to be taken in that case (e.g. a zero checksum). In the absence of that,
> I interpret it to mean that the checksum should be computed over the empty
> string in that case. And my patch assures that if krb5_mk_req_extended()
> is passed an empty buffer, it will checksum the empty string (it didn't
> before).
The checksum field of an authenticator is an optional field. The
logical thing to do if there is no application data is to omit the
checksum field. If the application data consists of a zero-length
string, then it makes sense to checksum the zero-length string.
More information about the Kerberos
mailing list