krb5 commit: Fix SPNEGO context import

Greg Hudson ghudson at mit.edu
Thu Nov 5 12:25:53 EST 2015 

https://github.com/krb5/krb5/commit/222b09f6e2f536354555f2a0dedfe29fc10c01d6
commit 222b09f6e2f536354555f2a0dedfe29fc10c01d6
Author: Greg Hudson <ghudson at mit.edu>
Date:   Sun Nov 1 22:46:56 2015 -0500

    Fix SPNEGO context import
    
    The patches for CVE-2015-2695 did not implement a SPNEGO
    gss_import_sec_context() function, under the erroneous belief that an
    exported SPNEGO context would be tagged with the underlying context
    mechanism.  Implement it now to allow SPNEGO contexts to be
    successfully exported and imported after establishment.
    
    ticket: 8273

 src/lib/gssapi/spnego/spnego_mech.c |   33 +++++++++++++++++++++++++++------
 1 files changed, 27 insertions(+), 6 deletions(-)

diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 7849c85..e6703eb 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -2197,12 +2197,33 @@ spnego_gss_import_sec_context(
 	const gss_buffer_t	interprocess_token,
 	gss_ctx_id_t		*context_handle)
 {
-	/*
-	 * Until we implement partial context exports, there are no SPNEGO
-	 * exported context tokens, only tokens for underlying mechs.  So just
-	 * return an error for now.
-	 */
-	return GSS_S_UNAVAILABLE;
+	OM_uint32 ret, tmpmin;
+	gss_ctx_id_t mctx;
+	spnego_gss_ctx_id_t sc;
+	int initiate, opened;
+
+	ret = gss_import_sec_context(minor_status, interprocess_token, &mctx);
+	if (ret != GSS_S_COMPLETE)
+		return ret;
+
+	ret = gss_inquire_context(&tmpmin, mctx, NULL, NULL, NULL, NULL, NULL,
+				  &initiate, &opened);
+	if (ret != GSS_S_COMPLETE || !opened) {
+		/* We don't currently support importing partially established
+		 * contexts. */
+		(void) gss_delete_sec_context(&tmpmin, &mctx, GSS_C_NO_BUFFER);
+		return GSS_S_FAILURE;
+	}
+
+	sc = create_spnego_ctx(initiate);
+	if (sc == NULL) {
+		(void) gss_delete_sec_context(&tmpmin, &mctx, GSS_C_NO_BUFFER);
+		return GSS_S_FAILURE;
+	}
+	sc->ctx_handle = mctx;
+	sc->opened = 1;
+	*context_handle = (gss_ctx_id_t)sc;
+	return GSS_S_COMPLETE;
 }
 #endif /* LEAN_CLIENT */

More information about the cvs-krb5 mailing list