[2750] in Kerberos-V5-bugs
krb5-libs/439: [krb5-libs] gss_init_sec_context doesn't recognize GSS_C_EMPTY_BUFFER
daemon@ATHENA.MIT.EDU (dmaze@MIT.EDU)
Tue Jun 24 14:49:00 1997
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: krb5-unassigned@RT-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, dmaze@MIT.EDU
Date: 24 Jun 1997 14:42:55 -0400
From: dmaze@MIT.EDU
Reply-To: dmaze@MIT.EDU
To: krb5-bugs@MIT.EDU
Cc: dmaze@donut.mit.edu
>Number: 439
>Category: krb5-libs
>Synopsis: gss_init_sec_context doesn't recognize GSS_C_EMPTY_BUFFER
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Jun 24 14:43:01 EDT 1997
>Last-Modified:
>Originator: David Z Maze
>Organization:
>Release: 1.0
>Environment:
System: SunOS EXPOSURE 5.5.1 Generic_103640-06 sun4m sparc SUNW,SPARCclassic
Architecture: sun4
>Description:
The IETF draft concerning the C language bindings for the General Security
Service API (GSS-API) states in its documentation that either the value
GSS_C_NO_BUFFER or a pointer to a GSS_C_EMPTY_BUFFER should be passed as
the input_token parameter to gss_init_sec_context on the initial call to
this function. The krb5 implementation of GSS-API only recognizes the
GSS_C_NO_BUFFER case.
>How-To-Repeat:
    #include <gssapi/gssapi.h>

    OM_uint32 st_major, st_minor;
    gss_ctx_id_t ctx_id = GSS_C_NO_CONTEXT;   /* required on the initial call */
    gss_cred_id_t cred_id;
    gss_name_t name;                          /* target name, from gss_import_name() */
    gss_channel_bindings_t bindings;
    gss_buffer_desc buff_out;
    gss_buffer_desc buff_in = GSS_C_EMPTY_BUFFER;
    /* (or buff_in.length = 0; ) */

    st_major = gss_init_sec_context(&st_minor,
                                    GSS_C_NO_CREDENTIAL,
                                    &ctx_id,
                                    name,
                                    GSS_C_NO_OID,
                                    GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
                                    0,
                                    GSS_C_NO_CHANNEL_BINDINGS,
                                    &buff_in,    /* empty buffer, not GSS_C_NO_BUFFER */
                                    NULL,
                                    &buff_out,
                                    NULL,
                                    NULL
                                    );
    /* st_major == GSS_S_DEFECTIVE_TOKEN */
>Fix:
Change lib/gssapi/krb5/init_sec_context.c, line 308, from

    if (input_token != GSS_C_NO_BUFFER) {

to

    if (input_token != GSS_C_NO_BUFFER && input_token->length != 0) {
>Audit-Trail:
>Unformatted:
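
The check quoted under >Fix: and its proposed replacement, compared over the three inputs a caller can pass on the first call. This is an added example, not part of the original report or the krb5 source: the demo_* types and DEMO_* constants are hypothetical stand-ins for the GSS-API ones, and first_call() is a simplified model that assumes a token supplied on the first call is rejected as defective.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for gss_buffer_desc / gss_buffer_t so this builds without
   gssapi.h. Every demo_* and DEMO_* name is hypothetical. */
typedef struct { size_t length; void *value; } demo_buffer_desc, *demo_buffer_t;
#define DEMO_NO_BUFFER ((demo_buffer_t)0)

enum demo_status { DEMO_CONTINUE_NEEDED, DEMO_DEFECTIVE_TOKEN };

/* Constructed sample inputs. */
static unsigned char sample_bytes[] = { 0x60, 0x00 };
demo_buffer_desc sample_empty      = { 0, NULL };          /* like GSS_C_EMPTY_BUFFER */
demo_buffer_desc sample_zero_len   = { 0, sample_bytes };  /* length 0, stale pointer */
demo_buffer_desc sample_real_token = { sizeof sample_bytes, sample_bytes };

/* Check as quoted in the report: any non-NULL pointer counts as a token. */
static int has_token_old(demo_buffer_t t)
{
    return t != DEMO_NO_BUFFER;
}

/* Check proposed in the report: a zero-length buffer means "no token".
   The NULL test comes first, so t->length is never read through NULL. */
static int has_token_fixed(demo_buffer_t t)
{
    return t != DEMO_NO_BUFFER && t->length != 0;
}

/* Simplified model (assumption) of the first call on a new context. */
static enum demo_status first_call(int (*has_token)(demo_buffer_t), demo_buffer_t in)
{
    return has_token(in) ? DEMO_DEFECTIVE_TOKEN : DEMO_CONTINUE_NEEDED;
}

enum demo_status first_call_old(demo_buffer_t in)   { return first_call(has_token_old, in); }
enum demo_status first_call_fixed(demo_buffer_t in) { return first_call(has_token_fixed, in); }

int main(void)
{
    demo_buffer_t in[] = { DEMO_NO_BUFFER, &sample_empty, &sample_zero_len, &sample_real_token };
    const char *label[] = { "no buffer", "empty buffer", "zero length", "real token" };
    for (size_t i = 0; i < 4; i++)
        printf("%-13s old=%d fixed=%d\n", label[i],
               first_call_old(in[i]), first_call_fixed(in[i]));
    return 0;
}
```

Only the two zero-length rows differ between the old and fixed checks; a non-empty token on the first call is still rejected by both.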