KRB-SAFE bug effects KRB-PRIV too?

John Hascall john at
Fri Apr 9 21:41:20 EDT 2004

I have an application that I am upgrading from K4 to K5
which used/s krb[5]_{mk|rd}_priv and which while testing
my new version I have seen return ASN1_MISSING_FIELD.

A google search turned up
which mentioned a similar problem with the krb5_xx_safe
routines.  And it appears from the ChangeLog that shortly thereafter
the fix mentioned in
was applied for the 'safe' routines:

2003-10-08  Tom Yu  <tlyu at>

        * asn1_k_encode.c (asn1_encode_krb_saved_safe_body): New function;
        kludge to insert a raw pre-encoded KRB-SAFE-BODY.

        * asn1_k_encode.h (asn1_encode_krb_saved_safe_body): Add

        * krb5_decode.c (decode_krb5_safe_with_body): New function; saves
        a copy of the encoding of the KRB-SAFE-BODY to avoid problems
        caused by re-encoding it during verification.

        * krb5_encode.c (encode_krb5_safe_with_body): New function;
        re-encode a KRB-SAFE using a saved KRB-SAFE-BODY encoding, to
        avoid trouble with re-encoding a KRB-SAFE-BODY.

So, since it doesn't mention fixing KRB-PRIV and knowing that it is similar
to KRB-SAFE, I'm wondering if the same problem lurks there?


More information about the krbdev mailing list