diff options
| -rw-r--r-- | src/kdc/kdc_authdata.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/kdc/kdc_authdata.c b/src/kdc/kdc_authdata.c index 50975580cc..b5de64de20 100644 --- a/src/kdc/kdc_authdata.c +++ b/src/kdc/kdc_authdata.c @@ -934,8 +934,12 @@ verify_ad_signedpath(krb5_context context, enc_sp.length = sp_authdata[0]->length; code = decode_krb5_ad_signedpath(&enc_sp, &sp); - if (code != 0) + if (code != 0) { + /* Treat an invalid signedpath authdata element as a missing one, since + * we believe MS is using the same number for something else. */ + code = 0; goto cleanup; + } code = verify_ad_signedpath_checksum(context, krbtgt, |