Fix FAST critical option bit checking

The FAST option bits 0-15 are intended to be critical--if they are present and a KDC does not support them, the KDC is supposed to fail the request. Because of an incorrect constant, we were erroneously recognizing bits 24-31 as critical. Fix the constant. ticket: 7701 (new)
author: Greg Hudson <ghudson@mit.edu> 2013-08-31 11:46:58 -0400
committer: Greg Hudson <ghudson@mit.edu> 2013-09-03 19:13:51 -0400
commit: 95b03a6fef4b86d1f8fac0a6ef92e86d836e261f (patch)
tree: b4beeb3f2005d779f17bc4376b918abc95d70f38
parent: 0ebf39d8787b04b524967cdd48f1f1bcaf6bf8f9 (diff)
download: krb5-95b03a6fef4b86d1f8fac0a6ef92e86d836e261f.tar.gz
krb5-95b03a6fef4b86d1f8fac0a6ef92e86d836e261f.tar.xz
krb5-95b03a6fef4b86d1f8fac0a6ef92e86d836e261f.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index d6f9325eb..5119e66da 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -776,8 +776,8 @@ typedef struct _krb5_fast_req {
     krb5_kdc_req *req_body;
 } krb5_fast_req;
 
-/* Bits 0-15 are critical in fast options.*/
-#define UNSUPPORTED_CRITICAL_FAST_OPTIONS 0x00ff
+/* Bits 0-15 are critical in FAST options (RFC 6113 section 7.3). */
+#define UNSUPPORTED_CRITICAL_FAST_OPTIONS   0xbfff0000
 #define KRB5_FAST_OPTION_HIDE_CLIENT_NAMES  0x40000000
 
 typedef struct _krb5_fast_finished {
author	Greg Hudson <ghudson@mit.edu>	2013-08-31 11:46:58 -0400
committer	Greg Hudson <ghudson@mit.edu>	2013-09-03 19:13:51 -0400
commit	95b03a6fef4b86d1f8fac0a6ef92e86d836e261f (patch)
tree	b4beeb3f2005d779f17bc4376b918abc95d70f38
parent	0ebf39d8787b04b524967cdd48f1f1bcaf6bf8f9 (diff)
download	krb5-95b03a6fef4b86d1f8fac0a6ef92e86d836e261f.tar.gz krb5-95b03a6fef4b86d1f8fac0a6ef92e86d836e261f.tar.xz krb5-95b03a6fef4b86d1f8fac0a6ef92e86d836e261f.zip