krb5 commit: Handle empty initial buffer in IAKERB initiator
ghudson at mit.edu
ghudson at mit.edu
Tue May 28 17:25:56 EDT 2024
https://github.com/krb5/krb5/commit/5f0023d5f05e95021a7caa1193f76f86871222ce
commit 5f0023d5f05e95021a7caa1193f76f86871222ce
Author: Andreas Schneider <asn at samba.org>
Date: Wed May 8 10:10:56 2024 +0200
Handle empty initial buffer in IAKERB initiator
Section 5.19 of RFC 2744 (about gss_init_sec_context) states,
"Initially, the input_token parameter should be specified either as
GSS_C_NO_BUFFER, or as a pointer to a gss_buffer_desc object whose
length field contains the value zero." In iakerb_initiator_step(),
handle both cases when deciding whether to parse an acceptor message.
[ghudson at mit.edu: edited commit message]
ticket: 9126 (new)
src/lib/gssapi/krb5/iakerb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c
index a0d298c49..3ee926e69 100644
--- a/src/lib/gssapi/krb5/iakerb.c
+++ b/src/lib/gssapi/krb5/iakerb.c
@@ -523,7 +523,7 @@ iakerb_initiator_step(iakerb_ctx_id_t ctx,
output_token->length = 0;
output_token->value = NULL;
- if (input_token != GSS_C_NO_BUFFER) {
+ if (input_token != GSS_C_NO_BUFFER && input_token->length > 0) {
code = iakerb_parse_token(ctx, 0, input_token, NULL, &cookie, &in);
if (code != 0)
goto cleanup;
More information about the cvs-krb5
mailing list