I’ve found an unlikely case where keytab record lengths produce unexpected behavior. The following snippet of code, when run in bash, will create a 2GB file called bad.keytab. When this file is read (read_kt) using ktutil, the process will enter an infinite loop:
(echo -ne '\05\02\0200\0\0\010'; dd if=/dev/zero count=21474 bs=100000; dd if=/dev/zero count=1 bs=83640; echo -ne '\0200\0\0\0') >bad.keytab
The reason is that the code in krb5_ktfileint_internal_read_entry (kt_file.c:924 in krb5-1.18.2.tar.gz) assumes that the two's complement of a negative 32-bit integer is always positive. This is not true for (int32_t) 0x80000000.
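The following is an added example, not code from the report above or from krb5. It models the record-length walk as the report describes it: a negative length marks a free slot, and the reader negates the length and seeks past the slot. How the real krb5 reader seeks and what it does at end-of-file are assumptions of this model, as is treating a zero length as end of data. The two keytab images are constructed inline; the 2 GB file that the report's shell snippet writes is held sparsely (only its non-zero bytes are stored), so the walk over it runs in memory without a 2 GB allocation. The naive walker negates on int32 and stalls on 0x80000000 because the negation yields INT32_MIN again and the seek goes backwards; the hardened walker rejects INT32_MIN before negating and bounds every skip against the file size.

```c
/* Added example, not krb5 code: an in-memory model of the keytab record-length
 * walk. Negative length = free slot of -length bytes. Naive mode negates on
 * int32 and seeks by the result; hardened mode rejects INT32_MIN up front. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Sparse file: bytes not covered by a chunk read as zero (like dd if=/dev/zero). */
typedef struct { int64_t off; const uint8_t *data; size_t n; } chunk;
typedef struct { int64_t size; const chunk *chunks; size_t nchunks; } sparse_file;

typedef enum { KT_EOF = 0, KT_STALLED = 1, KT_MALFORMED = 2 } kt_result;

static int sparse_byte(const sparse_file *f, int64_t off, uint8_t *b)
{
    if (off < 0 || off >= f->size)
        return -1;                                   /* past EOF */
    *b = 0;
    for (size_t i = 0; i < f->nchunks; i++) {
        const chunk *c = &f->chunks[i];
        if (off >= c->off && off < c->off + (int64_t)c->n) {
            *b = c->data[off - c->off];
            break;
        }
    }
    return 0;
}

/* Keytab record lengths are big-endian signed 32-bit integers. */
static int read_be32(const sparse_file *f, int64_t off, int32_t *out)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) {
        uint8_t b;
        if (sparse_byte(f, off + i, &b) != 0)
            return -1;
        v = (v << 8) | b;
    }
    *out = (int32_t)v;
    return 0;
}

/* Walk the record chain after the 2-byte 05 02 version header.
 * *records receives the number of live (positive-length) records passed. */
kt_result walk_keytab(const sparse_file *f, int hardened, int max_steps, int *records)
{
    int64_t pos = 2;
    *records = 0;
    for (int step = 0; step < max_steps; step++) {
        int32_t size;
        if (read_be32(f, pos, &size) != 0)
            return KT_EOF;                           /* no further length field */
        pos += 4;
        if (size == 0)
            return KT_EOF;                           /* assumption: zero length ends the data */
        if (size > 0) {
            if (pos + size > f->size)
                return KT_MALFORMED;
            pos += size;                             /* skip the record body */
            (*records)++;
            continue;
        }
        if (hardened) {
            if (size == INT32_MIN)
                return KT_MALFORMED;                 /* -size does not fit in int32 */
            int64_t skip = -(int64_t)size;
            if (pos + skip > f->size)
                return KT_MALFORMED;
            pos += skip;
        } else {
            /* Naive: -size computed in 32 bits (written with wrapping arithmetic,
             * since -INT32_MIN is undefined in C), then a relative seek by it.
             * For 0x80000000 the "positive" skip is still INT32_MIN: a backward seek. */
            int32_t skip = (int32_t)(0u - (uint32_t)size);
            if (pos + skip < 0)
                return KT_MALFORMED;                 /* seek before start of file fails */
            pos += skip;
        }
    }
    return KT_STALLED;                               /* step budget exhausted: a loop */
}

/* Constructed sample 1: the bytes the report's shell snippet writes
 * (05 02, length 0x80000008, 2147483640 zero bytes, length 0x80000000). */
static const uint8_t repro_head[] = { 0x05, 0x02, 0x80, 0x00, 0x00, 0x08 };
static const uint8_t repro_tail[] = { 0x80, 0x00, 0x00, 0x00 };
static const chunk repro_chunks[] = {
    { 0, repro_head, sizeof repro_head },
    { 2147483646LL, repro_tail, sizeof repro_tail },
};
static const sparse_file repro_file = { 2147483650LL, repro_chunks, 2 };

/* Constructed sample 2: a well-formed chain: 3-byte record, 2-byte free slot
 * (length -2), 1-byte record, then EOF. */
static const uint8_t normal_bytes[] = {
    0x05, 0x02,
    0x00, 0x00, 0x00, 0x03, 0xaa, 0xbb, 0xcc,
    0xff, 0xff, 0xff, 0xfe, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x01, 0xdd,
};
static const chunk normal_chunks[] = { { 0, normal_bytes, sizeof normal_bytes } };
static const sparse_file normal_file = { sizeof normal_bytes, normal_chunks, 1 };

const sparse_file *repro_keytab(void)  { return &repro_file; }
const sparse_file *normal_keytab(void) { return &normal_file; }

int main(void)
{
    int n;
    kt_result r;
    r = walk_keytab(&repro_file, 0, 1000, &n);
    printf("naive walker, repro file:    result %d, records %d\n", r, n);
    r = walk_keytab(&repro_file, 1, 1000, &n);
    printf("hardened walker, repro file: result %d, records %d\n", r, n);
    r = walk_keytab(&normal_file, 0, 1000, &n);
    printf("naive walker, normal file:   result %d, records %d\n", r, n);
    return 0;
}
```

On the repro image the naive walker cycles between offset 2 and offset 2147483646 indefinitely (result 1, KT_STALLED, once the step budget runs out), while the hardened walker stops at the 0x80000000 length with KT_MALFORMED. Both walkers agree on the well-formed image, which is the property a fix should preserve: rejecting INT32_MIN costs nothing for legitimate keytabs, whose free slots are at most as large as the file.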