krb5 commit: Correct GSS major code for non-default QOP values

Greg Hudson ghudson at mit.edu
Wed Sep 30 18:44:10 EDT 2015


https://github.com/krb5/krb5/commit/45ccc1c85f42e4f41f2042df8a51dd7826533029
commit 45ccc1c85f42e4f41f2042df8a51dd7826533029
Author: Tomas Kuthan <tkuthan at gmail.com>
Date:   Wed Sep 30 15:34:26 2015 +0200

    Correct GSS major code for non-default QOP values
    
    This patch fixes several krb5 mech error cases to comply with RFC
    2743; non-default QOP arguments should result in GSS_S_BAD_QOP, not
    GSS_S_FAILURE.
    
    [ghudson at mit.edu: edit commit message]
    
    ticket: 8258 (new)
    target_version: 1.14
    tags: pullup

 src/lib/gssapi/krb5/k5seal.c          |    2 +-
 src/lib/gssapi/krb5/k5sealiov.c       |    4 ++--
 src/lib/gssapi/krb5/wrap_size_limit.c |    2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/lib/gssapi/krb5/k5seal.c b/src/lib/gssapi/krb5/k5seal.c
index f1c74dd..4da531b 100644
--- a/src/lib/gssapi/krb5/k5seal.c
+++ b/src/lib/gssapi/krb5/k5seal.c
@@ -337,7 +337,7 @@ kg_seal(minor_status, context_handle, conf_req_flag, qop_req,
        them later.  */
     if (qop_req != 0) {
         *minor_status = (OM_uint32) G_UNKNOWN_QOP;
-        return GSS_S_FAILURE;
+        return GSS_S_BAD_QOP;
     }
 
     ctx = (krb5_gss_ctx_id_rec *) context_handle;
diff --git a/src/lib/gssapi/krb5/k5sealiov.c b/src/lib/gssapi/krb5/k5sealiov.c
index b53e348..88caa85 100644
--- a/src/lib/gssapi/krb5/k5sealiov.c
+++ b/src/lib/gssapi/krb5/k5sealiov.c
@@ -277,7 +277,7 @@ kg_seal_iov(OM_uint32 *minor_status,
 
     if (qop_req != 0) {
         *minor_status = (OM_uint32)G_UNKNOWN_QOP;
-        return GSS_S_FAILURE;
+        return GSS_S_BAD_QOP;
     }
 
     ctx = (krb5_gss_ctx_id_rec *)context_handle;
@@ -342,7 +342,7 @@ kg_seal_iov_length(OM_uint32 *minor_status,
 
     if (qop_req != GSS_C_QOP_DEFAULT) {
         *minor_status = (OM_uint32)G_UNKNOWN_QOP;
-        return GSS_S_FAILURE;
+        return GSS_S_BAD_QOP;
     }
 
     ctx = (krb5_gss_ctx_id_rec *)context_handle;
diff --git a/src/lib/gssapi/krb5/wrap_size_limit.c b/src/lib/gssapi/krb5/wrap_size_limit.c
index ed5c599..7959f42 100644
--- a/src/lib/gssapi/krb5/wrap_size_limit.c
+++ b/src/lib/gssapi/krb5/wrap_size_limit.c
@@ -91,7 +91,7 @@ krb5_gss_wrap_size_limit(minor_status, context_handle, conf_req_flag,
     /* only default qop is allowed */
     if (qop_req != GSS_C_QOP_DEFAULT) {
         *minor_status = (OM_uint32) G_UNKNOWN_QOP;
-        return(GSS_S_FAILURE);
+        return GSS_S_BAD_QOP;
     }
 
     ctx = (krb5_gss_ctx_id_rec *) context_handle;


More information about the cvs-krb5 mailing list