bug with SGN_ALG_MD2_5 case handling in kg_unseal_v1()?
Greg Hudson
ghudson at mit.edu
Fri Apr 14 02:12:47 EDT 2017
On 04/13/2017 03:55 PM, Will Fiveash wrote:
> In src/lib/gssapi/krb5/k5unseal.c:kg_unseal_v1() at line 381 which is
> part of the case SGN_ALG_MD2_5 block I see:
>
> code = k5_bcmp(md5cksum.contents, ptr + 14, 8);
> /* Falls through to defective-token?? */
>
> default:
> *minor_status = 0;
> return(GSS_S_DEFECTIVE_TOKEN);
>
> This seems like a bug given the processing that precedes this, thoughts?
It does look like a bug. The code's been like that since 1.0; the
comment was added in 1.2. It would seem that unwrapping tokens using
SGN_ALG_MD2_5 never worked, and we could probably get rid of the code.
Neither our code nor Heimdal's appears to choose SGN_ALG_MD2_5 when
creating tokens, by my reading.
(According to RFC 1964, "MD2.5" refers to using half of the 128-bit MD5
checksum; it doesn't actually reference the MD2 hash algorithm.)
More information about the krbdev
mailing list