[krbdev.mit.edu #1418] CVS Commit
Ken Raeburn via RT
rt-comment at krbdev.mit.edu
Sun Apr 13 07:18:46 EDT 2003
Avoid really, really huge cpu time usage caused by iteration count in
spoofed preauth data. (Merely huge cpu time usage is probably still
possible.)
* aes_s2k.c (krb5int_aes_string_to_key): Return an error if the supplied
iteration count is really, really large.
To generate a diff of this commit:
cvs diff -r1.4 -r1.5 krb5/src/lib/crypto/aes/ChangeLog
cvs diff -r1.1 -r1.2 krb5/src/lib/crypto/aes/aes_s2k.c
More information about the krb5-bugs
mailing list