[31321] in CVS-changelog-for-Kerberos-V5
krb5 commit: Handle empty initial buffer in IAKERB initiator
daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Tue May 28 17:26:01 2024
From: ghudson@mit.edu
To: cvs-krb5@mit.edu
Message-Id: <20240528212556.5829B101A21@krbdev.mit.edu>
Date: Tue, 28 May 2024 17:25:56 -0400 (EDT)
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/5f0023d5f05e95021a7caa1193f76f86871222ce
commit 5f0023d5f05e95021a7caa1193f76f86871222ce
Author: Andreas Schneider <asn@samba.org>
Date: Wed May 8 10:10:56 2024 +0200
Handle empty initial buffer in IAKERB initiator
Section 5.19 of RFC 2744 (about gss_init_sec_context) states,
"Initially, the input_token parameter should be specified either as
GSS_C_NO_BUFFER, or as a pointer to a gss_buffer_desc object whose
length field contains the value zero." In iakerb_initiator_step(),
handle both cases when deciding whether to parse an acceptor message.
[ghudson@mit.edu: edited commit message]
ticket: 9126 (new)
src/lib/gssapi/krb5/iakerb.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c
index a0d298c49..3ee926e69 100644
--- a/src/lib/gssapi/krb5/iakerb.c
+++ b/src/lib/gssapi/krb5/iakerb.c
@@ -523,7 +523,7 @@ iakerb_initiator_step(iakerb_ctx_id_t ctx,
output_token->length = 0;
output_token->value = NULL;
- if (input_token != GSS_C_NO_BUFFER) {
+ if (input_token != GSS_C_NO_BUFFER && input_token->length > 0) {
code = iakerb_parse_token(ctx, 0, input_token, NULL, &cookie, &in);
if (code != 0)
goto cleanup;
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5