| From: | ghudson@mit.edu |
| Subject: | git commit |
Fix verification of RODC-issued PAC KDC signature
Per [MS-PAC] 2.8, PAC_SIGNATURE_DATA may contain an RODCIdentifier
following the checksum. In k5_pac_verify_kdc_checksum(), do not
assume that the checksum spans the remainder of the buffer; instead,
look up the checksum length by its type.
[ghudson@mit.edu: edited commit message and comment; reordered code
for clarity]
https://github.com/krb5/krb5/commit/b5efdddd503020c2b64ccf9c30bb09117035f3ce
Author: Isaac Boukris <iboukris@gmail.com>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: b5efdddd503020c2b64ccf9c30bb09117035f3ce
Branch: master
src/lib/krb5/krb/pac.c | 13 +++++++++++--
1 files changed, 11 insertions(+), 2 deletions(-)