[krbdev.mit.edu #6402] Invalid initial GSSAPI/SPNEGO token can cause segmentation error or assert failure
Arlene Berry via RT
rt-comment at krbdev.mit.edu
Thu Mar 12 17:26:37 EDT 2009
This fixed 1.6.3 for us. I changed the call so that it doesn't
dereference a NULL pointer and altered make_spnego_tokenTarg_msg to
allow for no mechanism since there may not be one when rejecting the
request.
--- spnego_mech.c (revision xxxxx)
+++ spnego_mech.c (working copy)
@@ -1269,7 +1269,8 @@
}
cleanup:
if (return_token != NO_TOKEN_SEND && return_token != CHECK_MIC)
{
- tmpret = make_spnego_tokenTarg_msg(negState,
sc->internal_mech,
+ tmpret = make_spnego_tokenTarg_msg(negState,
+ sc ? sc->internal_mech : NULL,
&mechtok_out,
mic_out,
return_token,
output_token, 0);
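Review bot: The new `sc ? sc->internal_mech : NULL` argument in the cleanup block has no comment saying when `sc` can be NULL at this point, so the guard looks arbitrary to the next reader. A one-line comment that `sc` may be unset when the initial token is rejected would help. This call now also relies on make_spnego_tokenTarg_msg accepting a NULL mechanism, so the two changes need to land together, and the rest of the cleanup path (not visible in this hunk) should be checked for any other unguarded use of `sc`.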
@@ -2504,7 +2505,7 @@
* If this is the initial token, include length of
* mech_type and the negotiation result fields.
*/
- if (sendtoken == INIT_TOKEN_SEND) {
+ if (sendtoken == INIT_TOKEN_SEND && mech_wanted) {
int mechlistTokenSize;
/*
* 1 byte for the CONTEXT ID(0xa0),
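Review bot: The comment directly above the changed condition still reads "If this is the initial token, include length of mech_type", which is no longer accurate once the branch also requires `mech_wanted`. Update it to say the mech_type length is counted only when a mechanism is present, so the size calculation is documented to match what the encoder later writes.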
@@ -2605,7 +2606,7 @@
goto errout;
}
}
- if (sendtoken == INIT_TOKEN_SEND) {
+ if (sendtoken == INIT_TOKEN_SEND && mech_wanted) {
/*
* Next, is the Supported MechType
*/
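Review bot: The condition `sendtoken == INIT_TOKEN_SEND && mech_wanted` here duplicates the one in the length calculation at -2504, and the two must stay identical or the computed token size will disagree with the bytes actually encoded. Consider evaluating it once into a local flag and testing that flag in both places, so a later edit cannot change one and miss the other.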