39 lines
1.3 KiB
Diff
39 lines
1.3 KiB
Diff
|
From 5f0023d5f05e95021a7caa1193f76f86871222ce Mon Sep 17 00:00:00 2001
|
||
|
|
From: Andreas Schneider <asn@samba.org>
|
||
|
|
Date: Wed, 8 May 2024 10:10:56 +0200
|
||
|
|
Subject: [PATCH] Handle empty initial buffer in IAKERB initiator
|
||
|
|
|
||
|
|
Section 5.19 of RFC 2744 (about gss_init_sec_context) states,
|
||
|
|
"Initially, the input_token parameter should be specified either as
|
||
|
|
GSS_C_NO_BUFFER, or as a pointer to a gss_buffer_desc object whose
|
||
|
|
length field contains the value zero." In iakerb_initiator_step(),
|
||
|
|
handle both cases when deciding whether to parse an acceptor message.
|
||
|
|
|
||
|
|
[ghudson@mit.edu: edited commit message]
|
||
|
|
|
||
|
|
ticket: 9126 (new)
|
||
|
|
|
||
|
|
Reference: https://github.com/krb5/krb5/commit/5f0023d5f05e95021a7caa1193f76f86871222ce
|
||
|
|
Conflict: NA
|
||
|
|
|
||
|
|
---
|
||
|
|
src/lib/gssapi/krb5/iakerb.c | 2 +-
|
||
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c
|
||
|
|
index b0d0ede..7a3ad1c 100644
|
||
|
|
--- a/src/lib/gssapi/krb5/iakerb.c
|
||
|
|
+++ b/src/lib/gssapi/krb5/iakerb.c
|
||
|
|
@@ -539,7 +539,7 @@ iakerb_initiator_step(iakerb_ctx_id_t ctx,
|
||
|
|
output_token->length = 0;
|
||
|
|
output_token->value = NULL;
|
||
|
|
|
||
|
|
- if (input_token != GSS_C_NO_BUFFER) {
|
||
|
|
+ if (input_token != GSS_C_NO_BUFFER && input_token->length > 0) {
|
||
|
|
code = iakerb_parse_token(ctx, 0, input_token, NULL, &cookie, &in);
|
||
|
|
if (code != 0)
|
||
|
|
goto cleanup;
|
||
|
|
--
|
||
|
|
2.33.0
|
||
|
|
|