bug with SGN_ALG_MD2_5 case handling in kg_unseal_v1()?
will.fiveash at oracle.com
Thu Apr 13 15:55:56 EDT 2017
In src/lib/gssapi/krb5/k5unseal.c:kg_unseal_v1() at line 381 which is
part of the case SGN_ALG_MD2_5 block I see:
code = k5_bcmp(md5cksum.contents, ptr + 14, 8);
/* Falls through to defective-token?? */
*minor_status = 0;
This seems like a bug given the processing that precedes this, thoughts?
Oracle Solaris Software Engineer
More information about the krbdev