]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 83cd76b) | patch
Fix GSS per-message token edge cases master
authorGreg Hudson <ghudson@mit.edu>
Mon, 18 Aug 2025 23:03:57 +0000 (19:03 -0400)
committerGreg Hudson <ghudson@mit.edu>
Tue, 19 Aug 2025 21:22:47 +0000 (17:22 -0400)
commita82922e097563aed650f9a3b17a52e3df12aa49b
treec028c63c0add51726216cb48644cee4b3f9f67ectree
parent83cd76b11b069afbc6162edecb30096571e89dd5commit | diff
Fix GSS per-message token edge cases

Change g_verify_token_header() not to modify *in when the ASN.1 length
does not match the expected value.  This edge case could result in
accepting an invalid ASN.1 wrapper when processing an RFC 1964 MIC or
wrap token.

Change decrypt_v3() to return GSS_S_BAD_SIG instead of GSS_S_FAILURE
when decryption fails, for specificity and consistency with previous
versions.

ticket: 9181
src/lib/gssapi/generic/util_token.c diff | blob | blame | history
src/lib/gssapi/krb5/unwrap.c diff | blob | blame | history
src/tests/gssapi/t_invalid.c diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git