KRB-SAFE bug effects KRB-PRIV too?
John Hascall
john at iastate.edu
Fri Apr 9 21:41:20 EDT 2004
I have an application that I am upgrading from K4 to K5
which used/s krb[5]_{mk|rd}_priv and which while testing
my new version I have seen return ASN1_MISSING_FIELD.
A google search turned up
http://mailman.mit.edu/pipermail/krb5-bugs/2003-September/001810.html
which mentioned a similar problem with the krb5_xx_safe
routines. And it appears from the ChangeLog that shortly thereafter
the fix mentioned in
http://mailman.mit.edu/pipermail/krb5-bugs/2003-September/001811.html
was applied for the 'safe' routines:
2003-10-08 Tom Yu <tlyu at mit.edu>
* asn1_k_encode.c (asn1_encode_krb_saved_safe_body): New function;
kludge to insert a raw pre-encoded KRB-SAFE-BODY.
* asn1_k_encode.h (asn1_encode_krb_saved_safe_body): Add
prototype.
* krb5_decode.c (decode_krb5_safe_with_body): New function; saves
a copy of the encoding of the KRB-SAFE-BODY to avoid problems
caused by re-encoding it during verification.
* krb5_encode.c (encode_krb5_safe_with_body): New function;
re-encode a KRB-SAFE using a saved KRB-SAFE-BODY encoding, to
avoid trouble with re-encoding a KRB-SAFE-BODY.
So, since it doesn't mention fixing KRB-PRIV and knowing that it is similar
to KRB-SAFE, I'm wondering if the same problem lurks there?
John
More information about the krbdev
mailing list