You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@directory.apache.org by er...@apache.org on 2005/02/17 06:40:02 UTC

svn commit: r154126 - incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java

Author: erodriguez
Date: Wed Feb 16 21:39:59 2005
New Revision: 154126

URL: http://svn.apache.org/viewcvs?view=rev&rev=154126
Log:
Decrypting encrypted timestamps could yield an ASN.1 structure that was totally valid, yet not the DERSequence we expected, resulting in a ClassCastException and temporary DoS of the KDC.

Modified:
    incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java

Modified: incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java
URL: http://svn.apache.org/viewcvs/incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java?view=diff&r1=154125&r2=154126
==============================================================================
--- incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java (original)
+++ incubator/directory/protocols/kerberos/trunk/core/src/java/org/apache/kerberos/kdc/AuthenticationService.java Wed Feb 16 21:39:59 2005
@@ -135,6 +135,10 @@
 			    		{
 			    		    throw KerberosException.KRB_AP_ERR_BAD_INTEGRITY;
 			    		}
+			    		catch (ClassCastException cce)
+			    		{
+			    		    throw KerberosException.KRB_AP_ERR_BAD_INTEGRITY;
+			    		}
 			        }
 			    }