aboutsummaryrefslogtreecommitdiff
path: root/crypto/heimdal
diff options
context:
space:
mode:
authorCy Schubert <cy@FreeBSD.org>2024-02-14 20:04:30 +0000
committerCy Schubert <cy@FreeBSD.org>2024-02-15 21:27:54 +0000
commit24339377490f9e362d040712b534d2963decd2d7 (patch)
treeb8339278341d83674169b88427905f15722b7264 /crypto/heimdal
parentf8041e3628bd70cf5562a9c13eb3d6af8463e720 (diff)
Diffstat (limited to 'crypto/heimdal')
-rw-r--r--crypto/heimdal/kdc/krb5tgs.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/crypto/heimdal/kdc/krb5tgs.c b/crypto/heimdal/kdc/krb5tgs.c
index cde869522e23..cf1cd3dc1ad0 100644
--- a/crypto/heimdal/kdc/krb5tgs.c
+++ b/crypto/heimdal/kdc/krb5tgs.c
@@ -1892,6 +1892,13 @@ server_lookup:
goto out;
}
+ if (!krb5_checksum_is_keyed(context, self.cksum.cksumtype)) {
+ free_PA_S4U2Self(&self);
+ kdc_log(context, config, 0, "Reject PA-S4U2Self with unkeyed checksum");
+ ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
+ goto out;
+ }
+
ret = _krb5_s4u2self_to_checksumdata(context, &self, &datack);
if (ret)
goto out;
generated by cgit v1.3 (git 2.53.0) at 2026-05-12 23:35:29 +0000