Posted to kerby@directory.apache.org by Emmanuel Lécharny <el...@gmail.com> on 2015/12/29 09:52:43 UTC

KerberosString

Hi,

looking at the KerberosString class, I think it's not doing the job it's
supposed to do.

Kerberos String is a restricted version of the ASN.1 GeneralString,
limiting the chars that can be used to the ASCII sub-set (i.e., 0x00..0x7F).

There is no control whatsoever on the value you can inject into a
KerberosString, and this is extremely dangerous from an interoperability POV.

IMO, we should override the methods that inject data into a
KerberosString to enforce this limitation.

There are more things I'd like to say about the Asn1String class, but
I'll submit another mail later!

Thanks!
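To make the point concrete: RFC 4120 defines KerberosString as a GeneralString constrained to IA5String, i.e. 7-bit ASCII, so the check has to sit on every path that can put a value into the object, both the Java-side setter and the decoder that receives octets from the wire. The class below is an added illustration written for this thread, not Kerby's KerberosString or Asn1String; the class name AsciiRestrictedString, its methods and the sample values are all assumptions.

```java
import java.nio.charset.StandardCharsets;

/**
 * Hypothetical ASCII-restricted string, written as an illustration for this
 * thread; it is NOT the Kerby KerberosString class.
 *
 * Every path that injects a value (a Java String, or octets decoded from a
 * GeneralString body) is validated, so an instance can never hold a
 * character outside 0x00..0x7F.
 */
public final class AsciiRestrictedString {

    private String value;

    private AsciiRestrictedString() {
    }

    public AsciiRestrictedString(String value) {
        setValue(value);
    }

    /** Build from decoded GeneralString octets, rejecting anything non-ASCII. */
    public static AsciiRestrictedString fromBytes(byte[] octets) {
        AsciiRestrictedString s = new AsciiRestrictedString();
        s.setBytes(octets);
        return s;
    }

    /**
     * Injection from a Java String. A UTF-16 unit above 0x7F is either a
     * non-ASCII BMP character or a surrogate, so this single test covers
     * every code point outside the ASCII range.
     */
    public void setValue(String s) {
        if (s == null) {
            throw new IllegalArgumentException("value must not be null");
        }
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c > 0x7F) {
                throw new IllegalArgumentException(String.format(
                        "non-ASCII character U+%04X at index %d", (int) c, i));
            }
        }
        this.value = s;
    }

    /** Injection from the decoder: reject any octet with the high bit set. */
    public void setBytes(byte[] octets) {
        if (octets == null) {
            throw new IllegalArgumentException("octets must not be null");
        }
        for (int i = 0; i < octets.length; i++) {
            if ((octets[i] & 0x80) != 0) {
                throw new IllegalArgumentException(String.format(
                        "non-ASCII octet 0x%02X at offset %d", octets[i] & 0xFF, i));
            }
        }
        // Every octet is 7-bit at this point, so US-ASCII decoding is exact.
        this.value = new String(octets, StandardCharsets.US_ASCII);
    }

    public String getValue() {
        return value;
    }

    /** Encode for the wire; cannot lose information because the value is ASCII. */
    public byte[] toBytes() {
        return value.getBytes(StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) {
        // Constructed sample: a plain ASCII principal name is accepted.
        AsciiRestrictedString principal =
                new AsciiRestrictedString("krbtgt/EXAMPLE.COM@EXAMPLE.COM");
        System.out.println("accepted: " + principal.getValue());

        // Constructed sample: an accented character is rejected at the setter.
        try {
            new AsciiRestrictedString("L\u00e9charny");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // Constructed sample: 'A' followed by the UTF-8 encoding of U+00E9
        // (0xC3 0xA9), as a peer that ignores the restriction might send it.
        byte[] wire = {0x41, (byte) 0xC3, (byte) 0xA9};
        try {
            AsciiRestrictedString.fromBytes(wire);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Rejecting at the decoder as well as at the setter matters for the interoperability concern above: a value that only fails once it is re-encoded for another implementation is much harder to diagnose than one that is refused, with an offset, the moment it enters the object.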

RE: KerberosString

Posted by "Li, Jiajia" <ji...@intel.com>.
Thanks Emmanuel for finding and fixing this issue. Checking the String injected into the KerberosString based on RFC is important.

Jiajia

-----Original Message-----
From: Emmanuel Lécharny [mailto:elecharny@gmail.com] 
Sent: Tuesday, December 29, 2015 4:53 PM
To: kerby@directory.apache.org
Subject: KerberosString

Hi,

looking at the KerberosString class, I think it's not doing the job it's supposed to do.

Kerberos String is a restricted version of the ASN.1 GeneralString, limiting the chars that can be used to the ASCII sub-set (i.e., 0x00..0x7F).

There is no control whatsoever on the value you can inject into a KerberosString, and this is extremely dangerous from an interoperability POV.

IMO, we should override the methods that inject data into a KerberosString to enforce this limitation.

There are more things I'd like to say about the Asn1String class, but I'll submit another mail later!

Thanks!