[krbdev.mit.edu #9181] git commit

Greg Hudson via RT rt at krbdev.mit.edu
Tue Aug 19 17:42:01 EDT 2025


<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9181 >


Fix GSS per-message token edge cases

Change g_verify_token_header() not to modify *in when the ASN.1 length
does not match the expected value.  This edge case could result in
accepting an invalid ASN.1 wrapper when processing an RFC 1964 MIC or
wrap token.

Change decrypt_v3() to return GSS_S_BAD_SIG instead of GSS_S_FAILURE
when decryption fails, for specificity and consistency with previous
versions.

https://github.com/krb5/krb5/commit/a82922e097563aed650f9a3b17a52e3df12aa49b
Author: Greg Hudson <ghudson at mit.edu>
Commit: a82922e097563aed650f9a3b17a52e3df12aa49b
Branch: master
 src/lib/gssapi/generic/util_token.c |   5 +-
 src/lib/gssapi/krb5/unwrap.c        |   2 +-
 src/tests/gssapi/t_invalid.c        | 177 +++++++++++++++++++++++++++++++++---
 3 files changed, 167 insertions(+), 17 deletions(-)
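
The failure mode named in the first paragraph of the commit message, as an added example that is not krb5 code and is not taken from the commit: a header check that advances the caller's cursor before its length comparison leaves that cursor moved when it rejects the token, so any caller that keeps using the cursor after the error reads from the wrong offset. The framing (tag 0x60, one-byte length, body), the function names and the sample token are assumptions made for illustration.

```c
#include <stddef.h>

/* Hypothetical, simplified framing: 0x60 | one-byte length | body.
 * Real GSS tokens use full DER lengths and a mechanism OID; omitted here. */

/* Advances the caller's cursor while parsing: on a length mismatch the
 * caller is left pointing past the header that was just rejected. */
int verify_header_advancing(const unsigned char **in, size_t *len)
{
    if (*len < 2 || (*in)[0] != 0x60)
        return -1;
    (*in)++; (*len)--;
    size_t body_len = *(*in)++;
    (*len)--;
    if (body_len != *len)
        return -1;              /* error, but *in and *len already moved */
    return 0;
}

/* Parses on local copies and commits only after every check passes. */
int verify_header_committing(const unsigned char **in, size_t *len)
{
    const unsigned char *p = *in;
    size_t n = *len;

    if (n < 2 || p[0] != 0x60)
        return -1;
    p++; n--;
    size_t body_len = *p++;
    n--;
    if (body_len != n)
        return -1;              /* *in and *len untouched */
    *in = p;
    *len = n;
    return 0;
}

/* Constructed sample: declared length 0x7f, actual body is 3 bytes. */
static const unsigned char bad_token[] = { 0x60, 0x7f, 0xaa, 0xbb, 0xcc };

/* Returns how far the cursor moved after the header was rejected. */
size_t cursor_drift(int (*verify)(const unsigned char **, size_t *))
{
    const unsigned char *p = bad_token;
    size_t n = sizeof(bad_token);
    if (verify(&p, &n) == 0)
        return (size_t)-1;      /* bad_token must never be accepted */
    return (size_t)(p - bad_token);
}
```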


