Fix verification of RODC-issued PAC KDC signature Per [MS-PAC] 2.8, PAC_SIGNATURE_DATA may contain an RODCIdentifier following the checksum. In k5_pac_verify_kdc_checksum(), do not assume that the checksum spans the remainder of the buffer; instead, look up the checksum length by its type. [ghudson@mit.edu: edited commit message and comment; reordered code for clarity] https://github.com/krb5/krb5/commit/b5efdddd503020c2b64ccf9c30bb09117035f3ce Author: Isaac Boukris Committer: Greg Hudson Commit: b5efdddd503020c2b64ccf9c30bb09117035f3ce Branch: master src/lib/krb5/krb/pac.c | 13 +++++++++++-- 1 files changed, 11 insertions(+), 2 deletions(-)