krb5: Fix MIT KRB5 Bug #9181

According to https://krbdev.mit.edu/rt/Ticket/Display.html?id=9181, The function verify_mic_v3() in src/lib/gssapi/krb5/verify_mic.c calls kg_verify_checksum_v3() as it returns an OM_uint32 status but kg_verify_checksum_v3() returns a krb5_boolean which has the opposite interpretation: - OM_uint32 0 is GSS_S_COMPLETE so no error - krb5_boolean 0 is false so failure This patch will be in MIT KRB5 1.22.1. Obtained from: Greg Hudson <rt@krbdev.mit.edu> on krbdev.mit.edu ML. Reviewed by: ivy, ngie Differential review: https://reviews.freebsd.org/D51990
2026-06-06 07:12:52 -04:00 · 2025-08-17 01:05:42 -07:00 · 2025-08-17 01:05:42 -07:00 · f96110babb
commit f96110babb
parent d5f55356a2
2 changed files with 11 additions and 10 deletions
--- a/crypto/krb5/src/lib/gssapi/krb5/util_crypt.c
+++ b/crypto/krb5/src/lib/gssapi/krb5/util_crypt.c
@ -322,12 +322,16 @@ kg_verify_checksum_v3(krb5_context context, krb5_key key, krb5_keyusage usage,
    uint8_t ckhdr[16];
    krb5_boolean valid;

-    /* Compose an RFC 4121 token header with EC and RRC set to 0. */
+    /*
+     * Compose an RFC 4121 token header for the checksum.  For a wrap token,
+     * the EC and RRC fields have the value 0 for the checksum operation,
+     * regardless of their values in the actual token (RFC 4121 section 4.2.4).
+     * For a MIC token, the corresponding four bytes have the value 0xFF.
+     */
    store_16_be(toktype, ckhdr);
    ckhdr[2] = flags;
    ckhdr[3] = 0xFF;
-    store_16_be(0, ckhdr + 4);
-    store_16_be(0, ckhdr + 6);
+    store_32_be((toktype == KG2_TOK_MIC_MSG) ? 0xFFFFFFFF : 0, ckhdr + 4);
    store_64_be(seqnum, ckhdr + 8);

    /* Verify the checksum over the data and composed header. */
--- a/crypto/krb5/src/lib/gssapi/krb5/verify_mic.c
+++ b/crypto/krb5/src/lib/gssapi/krb5/verify_mic.c
@ -90,7 +90,6 @@ verify_mic_v3(krb5_context context, OM_uint32 *minor_status,
              krb5_gss_ctx_id_rec *ctx, struct k5input *in,
              gss_buffer_t message)
 {
-    OM_uint32 status;
    krb5_keyusage usage;
    krb5_key key;
    krb5_cksumtype cksumtype;
@ -124,12 +123,10 @@ verify_mic_v3(krb5_context context, OM_uint32 *minor_status,
    }
    assert(key != NULL);

-    status = kg_verify_checksum_v3(context, key, usage, cksumtype,
-                                   KG2_TOK_MIC_MSG, flags, seqnum,
-                                   message->value, message->length,
-                                   in->ptr, in->len);
-    if (status != GSS_S_COMPLETE)
-        return status;
+    if (!kg_verify_checksum_v3(context, key, usage, cksumtype, KG2_TOK_MIC_MSG,
+                               flags, seqnum, message->value, message->length,
+                               in->ptr, in->len))
+        return GSS_S_BAD_SIG;

    return g_seqstate_check(ctx->seqstate, seqnum);
 }