Jeffrey Altman
Jeffrey Altman
Assuming that is the correct behavior for the case where resolve_search() is defined as res_search(), it wouldn't be safe to examine 'errno' without first testing that 'h_errno == TRY_AGAIN'. But...
Also, for the res_nsearch() case 'errno' must be zeroed before the res_nsearch() call.
Heimdal attempted to increase the default requested maximum ticket lifetime and maximum renew lifetime to 0x7FFFFFFF seconds in a013e93e95a826b321870a7e626e2cdc9be13984. This change had to be reverted because it broke the ability...
> The reporter is using Heimdal on a 64-bit platform though, so could this be a separate issue? From the perspective of Kerberos clients interacting with deployed infrastructure, it is...
20370913024805Z (2037-09-13 02:48:05 UTC) is 2136422885 = 0x7F5739E5 seconds since Unix Epoch. It slightly more than 128 days before the 2038 roll over. I strongly suspect that Microsoft previously knew...
Is this problem introduced by the Windows 11 22H2 feature update or one of the monthly cumulative updates?
A contact within Microsoft reports that 22H2 removed a cap on the maximum timestamp that would be encoded using ASN.1. The change is permitted by protocol and therefore would require...
> Heimdal's own "kgetcred" and Samba's "smbclient" commands both issue TGS-REQ with a "till" set to 19700101000000Z, which is assumed as MAX_TIME by _kdc_fix_time() (https://github.com/heimdal/heimdal/blob/master/kdc/kerberos5.c#L57-L64). 19700101000000Z is UNIX Epoch which...
I have filed a report with the Microsoft Security Response Center. Microsoft customer reports are encouraged.
@branciar, Thank you for your continued investigations. I believe that one of the reasons that Heimdal does not use OS timegm() and gmtime() in ASN.1 is avoiding incorporation of leap...