Page MenuHomeFreeBSD
Differential D51990

krb5: Fix MIT KRB5 Bug #9181
ClosedPublic
Actions

Authored by cy on Aug 18 2025, 5:40 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 18, 11:13 AM
Unknown Object (File)
Mon, Nov 10, 5:14 PM
Unknown Object (File)
Wed, Nov 5, 3:01 PM
Unknown Object (File)
Wed, Nov 5, 12:24 PM
Unknown Object (File)
Wed, Nov 5, 10:52 AM
Unknown Object (File)
Wed, Nov 5, 7:06 AM
Unknown Object (File)
Wed, Nov 5, 1:33 AM
Unknown Object (File)
Tue, Nov 4, 11:31 PM
View All 28 Files
Subscribers
imp

Details

Reviewers
des
ivy
ngie
Group Reviewers
krb5
Summary

According to https://krbdev.mit.edu/rt/Ticket/Display.html?id=9181,

The function verify_mic_v3() in src/lib/gssapi/krb5/verify_mic.c
calls kg_verify_checksum_v3() as it returns an OM_uint32 status
but kg_verify_checksum_v3() returns a krb5_boolean which has
the opposite interpretation:

  • OM_uint32 0 is GSS_S_COMPLETE so no error
  • krb5_boolean 0 is false so failure

There are at least two ways to fix this:

  • modify verify_mic_v3() body
  • kg_verify_checksum_v3() to return an OM_uint32 and update the other call in unwrap_v3() in src/lib/gssapi/krb5/unwap.c

Obtained from: Greg Hudson <rt@krbdev.mit.edu> on krbdev.mit.edu ML.

Test Plan

Running here since today.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Revision Contents
Changeset List

PathSize
crypto/
krb5/
src/
lib/
gssapi/
krb5/
10 lines
11 lines

Diff 160545

View Options

crypto/krb5/src/lib/gssapi/krb5/util_crypt.c

Loading...
View Options

crypto/krb5/src/lib/gssapi/krb5/verify_mic.c

Loading...