Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.9.3p2) with ESMTP id SAA08336; Wed, 21 Apr 2004 18:48:26 -0400 (EDT) Received: from pch.mit.edu (localhost [127.0.0.1]) by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id i3LMmQos009030 for ; Wed, 21 Apr 2004 18:48:26 -0400 (EDT) Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by pch.mit.edu (8.12.8p2/8.12.8) with ESMTP id i3LFELos018647 for ; Wed, 21 Apr 2004 11:14:21 -0400 (EDT) Received: from postman5.mx.aol.com (postman5.mx.aol.com [205.188.157.132]) i3LFEFJb009984 for ; Wed, 21 Apr 2004 11:14:15 -0400 (EDT) Received: from dragonz.office.aol.com (dragonz.office.aol.com [10.2.109.4]) by postman5.mx.aol.com (8.12.9/8.9.3) with ESMTP id i3LFDqmg011462 for ; Wed, 21 Apr 2004 11:13:53 -0400 (EDT) Received: (from zhang@localhost) by dragonz.office.aol.com (8.7.1/8.7.1) id LAA06637 for krb5-bugs@mit.edu; Wed, 21 Apr 2004 11:14:07 -0400 (EDT) From: Zhihong Zhang Message-Id: <200404211514.LAA06637@dragonz.office.aol.com> To: krb5-bugs@mit.edu Date: Wed, 21 Apr 2004 11:14:06 EDT X-Mailer: Elm [revision: 212.4] X-Mailman-Approved-At: Wed, 21 Apr 2004 18:48:23 -0400 Subject: DER Bug X-Beenthere: krb5-bugs-incoming@mit.edu X-Mailman-Version: 2.1 Precedence: list Sender: krb5-bugs-incoming-bounces@mit.edu Errors-To: krb5-bugs-incoming-bounces@mit.edu X-RT-Original-Encoding: iso-8859-1 Content-Length: 332 Found a bug in the DER decoder of KRB5-1.28. This loop in asn1_get.c is wrong, do{ retval = asn1buf_remove_octet(buf,&o); if(retval) return retval; tn = (tn<<7) + (asn1_tagnum)(o&0x7F); }while(tn&0x80); It should be "while(o&0x80)". The effect is that it can't decode any tags bigger than 30. Zhihong