[krbdev.mit.edu #7919] git commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Fri Jun 27 13:15:21 EDT 2014
Treat LDAP KrbKey salt field as optional
Per the ASN.1 definition, the KrbKey salt field is optional. Since
1.7, we have been treating it as mandatory in the encoder; since 1.11,
we have been treating it as mandatory in the decoder. Mostly by luck,
we have been encoding a salt type of 0 when key_data_ver is 1, but we
really should not be looking at key_data_type[1] or key_data_length[1]
in this situation. Treat the salt field as optional in the encoder
and decoder. Although the previous commit ensures that we continue to
always encode a salt (without any dangerous assumptions about
krb5_key_data constructors), this change will allow us to decode key
data encoded by 1.6 without salt fields.
This also fixes issue #7918, by properly setting key_data_ver to 2 if
a salt type but no salt value is present. It is difficult to get the
decoder to actually assign 2 to key_data_ver just because the salt
field is there, so take care of that in asn1_decode_sequence_of_keys.
Adjust kdbtest.c to match the new behavior by setting key_data_ver to
2 in both test keys.
(cherry picked from commit fb5cd8df0dbd04dac4f610e68cba5b80a3cb8d48)
https://github.com/krb5/krb5/commit/cd957d3f62623168bcde3d66633f3d2fd4e775ba
Author: Greg Hudson <ghudson at mit.edu>
Committer: Tom Yu <tlyu at mit.edu>
Commit: cd957d3f62623168bcde3d66633f3d2fd4e775ba
Branch: krb5-1.12
src/lib/krb5/asn.1/ldap_key_seq.c | 19 ++++++++++++++++---
src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c | 6 ++++--
src/tests/kdbtest.c | 2 +-
3 files changed, 21 insertions(+), 6 deletions(-)
More information about the krb5-bugs
mailing list