Hello,

I was going through the gssapi MIT krb1.6.3 code and I feel there is a possible bug in the kg_ctx_internalize() function defined in the src/lib/gssapi/krb5/ser_sctx.c file.

As I understand it, the function should unpack entities in the same order in which they were packed by the kg_ctx_externalize() function. But it misses the order while unpacking the last two structure variables, as shown below. Since acceptor_subkey_cksumtype was packed before cred_rcache and also occurs before it in the _krb5_gss_cred_id_rec structure definition, acceptor_subkey_cksumtype should be unpacked BEFORE cred_rcache, else the values will get swapped.

Current code in the kg_ctx_internalize() function:

    if (!kret)
        kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
    ctx->cred_rcache = ibuf;
    if (!kret)
        kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
    ctx->acceptor_subkey_cksumtype = ibuf;

Proposed code in the kg_ctx_internalize() function, with the unpacking sequence changed:

    if (!kret)
        kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
    ctx->acceptor_subkey_cksumtype = ibuf;
    if (!kret)
        kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
    ctx->cred_rcache = ibuf;

Kindly let me know if this is valid.

- Sachin

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
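A round-trip check of the kind that catches this class of ordering mismatch, added here as an illustration and not taken from the post or from the MIT krb5 source. The struct, the pack_i32/unpack_i32 helpers and the sample values are simplified, hypothetical stand-ins for the krb5_ser_* routines and the real context structure.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical context holding only the two fields discussed in the post. */
struct ctx { int32_t acceptor_subkey_cksumtype; int32_t cred_rcache; };

/* Simplified big-endian helpers; stand-ins for, not copies of, krb5_ser_*. */
static int pack_i32(int32_t v, uint8_t **bp, size_t *remain) {
    uint32_t u = (uint32_t)v;
    if (*remain < 4) return -1;
    (*bp)[0] = (uint8_t)(u >> 24); (*bp)[1] = (uint8_t)(u >> 16);
    (*bp)[2] = (uint8_t)(u >> 8);  (*bp)[3] = (uint8_t)u;
    *bp += 4; *remain -= 4;
    return 0;
}
static int unpack_i32(int32_t *v, const uint8_t **bp, size_t *remain) {
    if (*remain < 4) return -1;
    *v = (int32_t)(((uint32_t)(*bp)[0] << 24) | ((uint32_t)(*bp)[1] << 16) |
                   ((uint32_t)(*bp)[2] << 8) | (uint32_t)(*bp)[3]);
    *bp += 4; *remain -= 4;
    return 0;
}

/* Packs cksumtype first, then rcache: the order the post attributes to externalize. */
static int externalize(const struct ctx *c, uint8_t *buf, size_t len) {
    uint8_t *bp = buf; size_t remain = len;
    int kret = pack_i32(c->acceptor_subkey_cksumtype, &bp, &remain);
    if (!kret) kret = pack_i32(c->cred_rcache, &bp, &remain);
    return kret;
}

/* swapped != 0 reads rcache first (the reported order); 0 mirrors the pack order. */
static int internalize(struct ctx *c, const uint8_t *buf, size_t len, int swapped) {
    const uint8_t *bp = buf; size_t remain = len;
    int32_t *first = swapped ? &c->cred_rcache : &c->acceptor_subkey_cksumtype;
    int32_t *second = swapped ? &c->acceptor_subkey_cksumtype : &c->cred_rcache;
    int kret = unpack_i32(first, &bp, &remain);
    if (!kret) kret = unpack_i32(second, &bp, &remain);
    return kret;
}

/* Round-trip check on constructed values; returns 1 when every field survives. */
int roundtrip_ok(int swapped) {
    struct ctx in = { 0x10, 1 }, out = { 0, 0 };
    uint8_t buf[8];
    if (externalize(&in, buf, sizeof buf) || internalize(&out, buf, sizeof buf, swapped))
        return 0;
    return out.acceptor_subkey_cksumtype == in.acceptor_subkey_cksumtype &&
           out.cred_rcache == in.cred_rcache;
}
```

Both fields are the same width, so the swapped reader returns success and only a field-by-field comparison with distinct values in each field exposes the mismatch.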