Author: erodriguez
Date: Wed Feb 16 21:39:59 2005
New Revision: 154126

URL: http://svn.apache.org/viewcvs?view=rev&rev=154126
Log:
Decrypting encrypted timestamps could yield an ASN.1 structure that was totally 
valid, yet not the DERSequence we expected, resulting in a ClassCastException 
and temporary DoS of the KDC.

Modified:
    
incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java

Modified: 
incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java
URL: 
http://svn.apache.org/viewcvs/incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java?view=diff&r1=154125&r2=154126
==============================================================================
--- 
incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java
 (original)
+++ 
incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java
 Wed Feb 16 21:39:59 2005
@@ -135,6 +135,10 @@
                                        {
                                            throw 
KerberosException.KRB_AP_ERR_BAD_INTEGRITY;
                                        }
+                                       catch (ClassCastException cce)
+                                       {
+                                           throw 
KerberosException.KRB_AP_ERR_BAD_INTEGRITY;
+                                       }
                                }
                            }
                            
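Review bot: the added `catch (ClassCastException cce)` treats the symptom rather than the unchecked cast the log message describes, and it covers the whole try block, so any unrelated ClassCastException raised there will also be reported as KRB_AP_ERR_BAD_INTEGRITY. Consider testing the decoded object with `instanceof DERSequence` before the cast and throwing `KerberosException.KRB_AP_ERR_BAD_INTEGRITY` at that point, which keeps the failure path explicit and narrow. The caught `cce` is also discarded; logging it before the rethrow would let an operator distinguish a malformed pre-authentication timestamp from a genuine decryption failure. Other unchecked exceptions thrown while reading the decoded structure would still escape this handler, so it is worth confirming that the cast was the only one reachable from client-supplied data.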

