Page MenuHomeFreeBSD

krb5: Fix MIT KRB5 Bug #9181
ClosedPublic

Authored by cy on Aug 18 2025, 5:40 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Jun 24, 4:26 AM
Unknown Object (File)
Mon, Jun 22, 3:27 PM
Unknown Object (File)
Sat, Jun 20, 1:26 PM
Unknown Object (File)
Fri, Jun 12, 11:03 PM
Unknown Object (File)
May 23 2026, 12:19 AM
Unknown Object (File)
May 16 2026, 2:29 AM
Unknown Object (File)
May 16 2026, 2:28 AM
Unknown Object (File)
May 16 2026, 2:28 AM
Subscribers

Details

Reviewers
des
ivy
ngie
Group Reviewers
krb5
Summary

According to https://krbdev.mit.edu/rt/Ticket/Display.html?id=9181,

The function verify_mic_v3() in src/lib/gssapi/krb5/verify_mic.c
calls kg_verify_checksum_v3() as it returns an OM_uint32 status
but kg_verify_checksum_v3() returns a krb5_boolean which has
the opposite interpretation:

  • OM_uint32 0 is GSS_S_COMPLETE so no error
  • krb5_boolean 0 is false so failure

There are at least two ways to fix this:

  • modify verify_mic_v3() body
  • kg_verify_checksum_v3() to return an OM_uint32 and update the other call in unwrap_v3() in src/lib/gssapi/krb5/unwap.c

Obtained from: Greg Hudson <rt@krbdev.mit.edu> on krbdev.mit.edu ML.

Test Plan

Running here since today.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped