Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.427 (Entity 5.427)
From: ghudson@mit.edu
Subject: SVN Commit
X-RT-Original-Encoding: iso-8859-1
Content-Length: 813


RFC 4120 defines the EncryptedData kvno field as an integer in the
range of unsigned 32-bit numbers.  Windows encodes and decodes the
field as a signed 32-bit integer.  Historically we do the same in our
encoder in 1.6 and prior, and in our decoder through 1.10.  (Actually,
our decoder through 1.10 decoded the value as a long and then cast the
result to unsigned int, so it would accept positive values >= 2^31 on
64-bit platforms but not on 32-bit platforms.)

kvno values that large (or negative) are only likely to appear in the
context of Windows read-only domain controllers.  So do what Windows
does instead of what RFC 4120 says.

https://github.com/krb5/krb5/commit/7558fb3af9f9fdfb8195333c11a70ab7b354f82c
Commit By: ghudson
Revision: 25703
Changed Files:
U   trunk/src/lib/krb5/asn.1/asn1_k_encode.c