krb5: Fix MIT KRB5 Bug #9181
Closed, Public

Authored by cy on Aug 18 2025, 5:40 AM.

Details

Reviewers
des
ivy
ngie
Group Reviewers
krb5
Summary

According to https://krbdev.mit.edu/rt/Ticket/Display.html?id=9181,

The function verify_mic_v3() in src/lib/gssapi/krb5/verify_mic.c
calls kg_verify_checksum_v3() as if it returns an OM_uint32 status
but kg_verify_checksum_v3() returns a krb5_boolean which has
the opposite interpretation:

  • OM_uint32 0 is GSS_S_COMPLETE so no error
  • krb5_boolean 0 is false so failure

There are at least two ways to fix this:

  • modify verify_mic_v3() body
  • modify kg_verify_checksum_v3() to return an OM_uint32 and update the other call in unwrap_v3() in src/lib/gssapi/krb5/unwrap.c

Obtained from: Greg Hudson <rt@krbdev.mit.edu> on krbdev.mit.edu ML.

Test Plan

Running here since today.
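
A minimal model of the return-convention mismatch described in the summary, with the caller-side fix next to it. This is an added example, not code from this revision or from MIT krb5. The typedefs and status macros are local stand-ins for the real headers, and `toy_checksum_ok()`, `verify_mic_mismatched()`, `verify_mic_translated()`, the sample MIC bytes and the choice of `GSS_S_BAD_SIG` as the failure status are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local stand-ins so the example builds without the krb5/GSS-API headers. */
typedef uint32_t OM_uint32;
typedef unsigned int krb5_boolean;
#define GSS_S_COMPLETE 0u
#define GSS_S_BAD_SIG  (6u << 16)

/* Constructed sample data, not real checksums. */
static const unsigned char EXPECTED_MIC[4] = { 0xde, 0xad, 0xbe, 0xef };
static const unsigned char WRONG_MIC[4]    = { 0x00, 0x00, 0x00, 0x00 };

/* Hypothetical checker using the boolean convention: nonzero means valid. */
static krb5_boolean toy_checksum_ok(const unsigned char *mic,
                                    const unsigned char *expected, size_t len)
{
    /* Demo only: production code compares checksums in constant time. */
    return memcmp(mic, expected, len) == 0;
}

/* Mismatch: the boolean is handed back unchanged as a status code.
 * A passing check becomes 1 (nonzero, read as an error) and a failing
 * check becomes 0, which a caller reads as GSS_S_COMPLETE. */
static OM_uint32 verify_mic_mismatched(const unsigned char *mic,
                                       const unsigned char *expected, size_t len)
{
    return toy_checksum_ok(mic, expected, len);
}

/* Caller-side fix: translate the boolean into a status explicitly. */
static OM_uint32 verify_mic_translated(const unsigned char *mic,
                                       const unsigned char *expected, size_t len)
{
    if (!toy_checksum_ok(mic, expected, len))
        return GSS_S_BAD_SIG;
    return GSS_S_COMPLETE;
}

int main(void)
{
    printf("mismatched, wrong MIC: 0x%x\n",
           (unsigned)verify_mic_mismatched(WRONG_MIC, EXPECTED_MIC, 4));
    printf("translated, wrong MIC: 0x%x\n",
           (unsigned)verify_mic_translated(WRONG_MIC, EXPECTED_MIC, 4));
    return 0;
}
```

A regression test for this class of bug needs a negative case: a test that only verifies a correct MIC does not show that an incorrect one is rejected.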

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped