From: | ghudson@mit.edu |
Subject: | SVN Commit |
RFC 4120 defines the EncryptedData kvno field as an integer in the
range of unsigned 32-bit numbers. Windows encodes and decodes the
field as a signed 32-bit integer. Historically we do the same in our
encoder in 1.6 and prior, and in our decoder through 1.10. (Actually,
our decoder through 1.10 decoded the value as a long and then cast the
result to unsigned int, so it would accept positive values >= 2^31 on
64-bit platforms but not on 32-bit platforms.)
kvno values that large (or negative) are only likely to appear in the
context of Windows read-only domain controllers. So do what Windows
does instead of what RFC 4120 says.
https://github.com/krb5/krb5/commit/7558fb3af9f9fdfb8195333c11a70ab7b354f82c
Commit By: ghudson
Revision: 25703
Changed Files:
U trunk/src/lib/krb5/asn.1/asn1_k_encode.c