[krbdev.mit.edu #7092] SVN Commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Tue Feb 21 13:57:45 EST 2012
RFC 4120 defines the EncryptedData kvno field as an integer in the
range of unsigned 32-bit numbers. Windows encodes and decodes the
field as a signed 32-bit integer. Historically we do the same in our
encoder in 1.6 and prior, and in our decoder through 1.10. (Actually,
our decoder through 1.10 decoded the value as a long and then cast the
result to unsigned int, so it would accept positive values >= 2^31 on
64-bit platforms but not on 32-bit platforms.)
kvno values that large (or negative) are only likely to appear in the
context of Windows read-only domain controllers. So do what Windows
does instead of what RFC 4120 says.
http://src.mit.edu/fisheye/changelog/krb5/?cs=25703
Commit By: ghudson
Revision: 25703
Changed Files:
U trunk/src/lib/krb5/asn.1/asn1_k_encode.c
More information about the krb5-bugs
mailing list