[krbdev.mit.edu #8845] git commit
Greg Hudson via RT
rt at KRBDEV-PROD-APP-1.mit.edu
Sat Nov 9 00:05:22 EST 2019
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8845 >
Fix SPNEGO output parameter bugs
When accepting, do not leak a name if the underlying mech reports a
src_name twice. Record mech_type and delegated_cred_handle and report
them to the caller at the final SPNEGO step, not when the underlying
mech reports them.
When initiating or accepting, report ret_flags at every step, and
filter out PROT_READY as required by RFC 4178 section 3.1. Report a
time_rec value at the final step even if we didn't call into the
underlying mech, using a call to gss_context_time() if necessary.
In the mechglue, initialize ret_flags and time_rec for both
gss_initialize_sec_context() and gss_accept_sec_context().
https://github.com/krb5/krb5/commit/24b844714dea3e47b17511746b5df5b6ddf13d43
Author: Greg Hudson <ghudson at mit.edu>
Commit: 24b844714dea3e47b17511746b5df5b6ddf13d43
Branch: master
src/lib/gssapi/mechglue/g_accept_sec_context.c | 6 ++
src/lib/gssapi/mechglue/g_init_sec_context.c | 6 ++
src/lib/gssapi/spnego/gssapiP_spnego.h | 1 +
src/lib/gssapi/spnego/spnego_mech.c | 85 +++++++++++++-----------
4 files changed, 60 insertions(+), 38 deletions(-)
More information about the krb5-bugs
mailing list