diff options
author | Andreas Schneider <asn@samba.org> | 2024-05-08 10:10:56 +0200 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2024-05-28 17:15:57 -0400 |
commit | 5f0023d5f05e95021a7caa1193f76f86871222ce (patch) | |
tree | a28118e8c8e83bd5792ca9849c72a78096d073f8 | |
parent | c5772bc916f8818070f9d78a2999bd5dfa0a68d5 (diff) | |
download | krb5-5f0023d5f05e95021a7caa1193f76f86871222ce.zip krb5-5f0023d5f05e95021a7caa1193f76f86871222ce.tar.gz krb5-5f0023d5f05e95021a7caa1193f76f86871222ce.tar.bz2 |
Handle empty initial buffer in IAKERB initiator
Section 5.19 of RFC 2744 (about gss_init_sec_context) states,
"Initially, the input_token parameter should be specified either as
GSS_C_NO_BUFFER, or as a pointer to a gss_buffer_desc object whose
length field contains the value zero." In iakerb_initiator_step(),
handle both cases when deciding whether to parse an acceptor message.
[ghudson@mit.edu: edited commit message]
ticket: 9126 (new)
-rw-r--r-- | src/lib/gssapi/krb5/iakerb.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c index a0d298c..3ee926e 100644 --- a/src/lib/gssapi/krb5/iakerb.c +++ b/src/lib/gssapi/krb5/iakerb.c @@ -523,7 +523,7 @@ iakerb_initiator_step(iakerb_ctx_id_t ctx, output_token->length = 0; output_token->value = NULL; - if (input_token != GSS_C_NO_BUFFER) { + if (input_token != GSS_C_NO_BUFFER && input_token->length > 0) { code = iakerb_parse_token(ctx, 0, input_token, NULL, &cookie, &in); if (code != 0) goto cleanup; |