krb5: Fix MIT KRB5 Bug #9181

cschuber · cschuber · commit f96110babbe1 · 2025-08-19T07:41:12.000-07:00
According to https://krbdev.mit.edu/rt/Ticket/Display.html?id=9181, The function verify_mic_v3() in src/lib/gssapi/krb5/verify_mic.c calls kg_verify_checksum_v3() as it returns an OM_uint32 status but kg_verify_checksum_v3() returns a krb5_boolean which has the opposite interpretation: - OM_uint32 0 is GSS_S_COMPLETE so no error - krb5_boolean 0 is false so failure This patch will be in MIT KRB5 1.22.1. Obtained from: Greg Hudson <rt@krbdev.mit.edu> on krbdev.mit.edu ML. Reviewed by: ivy, ngie Differential review: https://reviews.freebsd.org/D51990
diff --git a/crypto/krb5/src/lib/gssapi/krb5/util_crypt.c b/crypto/krb5/src/lib/gssapi/krb5/util_crypt.c
@@ -322,12 +322,16 @@ kg_verify_checksum_v3(krb5_context context, krb5_key key, krb5_keyusage usage,
     uint8_t ckhdr[16];
     krb5_boolean valid;
 
-    /* Compose an RFC 4121 token header with EC and RRC set to 0. */
+    /*
+     * Compose an RFC 4121 token header for the checksum.  For a wrap token,
+     * the EC and RRC fields have the value 0 for the checksum operation,
+     * regardless of their values in the actual token (RFC 4121 section 4.2.4).
+     * For a MIC token, the corresponding four bytes have the value 0xFF.
+     */
     store_16_be(toktype, ckhdr);
     ckhdr[2] = flags;
     ckhdr[3] = 0xFF;
-    store_16_be(0, ckhdr + 4);
-    store_16_be(0, ckhdr + 6);
+    store_32_be((toktype == KG2_TOK_MIC_MSG) ? 0xFFFFFFFF : 0, ckhdr + 4);
     store_64_be(seqnum, ckhdr + 8);
 
     /* Verify the checksum over the data and composed header. */
diff --git a/crypto/krb5/src/lib/gssapi/krb5/verify_mic.c b/crypto/krb5/src/lib/gssapi/krb5/verify_mic.c
@@ -90,7 +90,6 @@ verify_mic_v3(krb5_context context, OM_uint32 *minor_status,
               krb5_gss_ctx_id_rec *ctx, struct k5input *in,
               gss_buffer_t message)
 {
-    OM_uint32 status;
     krb5_keyusage usage;
     krb5_key key;
     krb5_cksumtype cksumtype;
@@ -124,12 +123,10 @@ verify_mic_v3(krb5_context context, OM_uint32 *minor_status,
     }
     assert(key != NULL);
 
-    status = kg_verify_checksum_v3(context, key, usage, cksumtype,
-                                   KG2_TOK_MIC_MSG, flags, seqnum,
-                                   message->value, message->length,
-                                   in->ptr, in->len);
-    if (status != GSS_S_COMPLETE)
-        return status;
+    if (!kg_verify_checksum_v3(context, key, usage, cksumtype, KG2_TOK_MIC_MSG,
+                               flags, seqnum, message->value, message->length,
+                               in->ptr, in->len))
+        return GSS_S_BAD_SIG;
 
     return g_seqstate_check(ctx->seqstate, seqnum);
 }
