[30606] in CVS-changelog-for-Kerberos-V5
krb5 commit: Fix SPNEGO fallback context handling
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Nov 13 17:47:11 2019
Date: Wed, 13 Nov 2019 17:46:41 -0500
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <201911132246.xADMkf99009633@drugstore.mit.edu>
To: <cvs-krb5@mit.edu>
Reply-To: krbdev@mit.edu
https://github.com/krb5/krb5/commit/40ecfad10dd36700028ff0f3d0d79ce7925fe545
commit 40ecfad10dd36700028ff0f3d0d79ce7925fe545
Author: Greg Hudson <ghudson@mit.edu>
Date: Mon Nov 11 12:25:41 2019 -0500
Fix SPNEGO fallback context handling

In init_ctx_call_init(), if gss_init_sec_context() fails while
producing the first SPNEGO initiator token, we remove the first
candidate mechanism from sc->mech_set and try again. If
sc->ctx_handle is present after the error (more likely after commit
56f7b1bc95a2a3eeb420e069e7655fb181ade5cf), we must clear it before
falling back or it will cause subsequent attempts to fail.

ticket: 8846 (new)
tags: pullup
target_version: 1.17-next
target_version: 1.16-next
src/lib/gssapi/spnego/spnego_mech.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 5f92cb6..9123d9c 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -972,6 +972,7 @@ init_ctx_call_init(OM_uint32 *minor_status,
gss_release_buffer(&tmpmin, &sc->DER_mechTypes);
if (put_mech_set(sc->mech_set, &sc->DER_mechTypes) < 0)
goto fail;
+ gss_delete_sec_context(&tmpmin, &sc->ctx_handle, GSS_C_NO_BUFFER);
tmpret = init_ctx_call_init(&tmpmin, sc, spcred, acc_negState,
target_name, req_flags, time_req,
mechtok_in, mechtok_out, time_rec,
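Review bot: The added gss_delete_sec_context() call just before the recursive init_ctx_call_init() has no comment saying why the context is dropped at this point; the reasoning lives only in the commit message. A one-line comment such as `/* Discard any partial context left by the failed mechanism before falling back. */` would keep a later reader from treating the call as redundant. The call's return value is discarded and tmpmin is reused by the recursive call right after it, which is reasonable for best-effort cleanup but worth confirming as intended. The diffstat shows a single inserted line and no test, so a regression test in which the first candidate mechanism fails after setting sc->ctx_handle would guard this fallback path.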