]> git.ipfire.org Git - thirdparty/krb5.git/commit
projects / thirdparty / krb5.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 036ce5e) | patch
Fix verification of RODC-issued PAC KDC signature 1208/head
authorIsaac Boukris <iboukris@gmail.com>
Tue, 10 Aug 2021 14:50:35 +0000 (17:50 +0300)
committerGreg Hudson <ghudson@mit.edu>
Sat, 25 Sep 2021 17:29:49 +0000 (13:29 -0400)
commitb5efdddd503020c2b64ccf9c30bb09117035f3ce
treea47b7f8e0f31a8051331cef98a7978147f2b0ac7tree
parent036ce5ef478679ca31a27d3e83f9c603f205dc90commit | diff
Fix verification of RODC-issued PAC KDC signature

Per [MS-PAC] 2.8, PAC_SIGNATURE_DATA may contain an RODCIdentifier
following the checksum.  In k5_pac_verify_kdc_checksum(), do not
assume that the checksum spans the remainder of the buffer; instead,
look up the checksum length by its type.

[ghudson@mit.edu: edited commit message and comment; reordered code
for clarity]

ticket: 9031 (new)
src/lib/krb5/krb/pac.c diff | blob | blame | history
Mirror of https://github.com/krb5/krb5.git