From 5f0023d5f05e95021a7caa1193f76f86871222ce Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 8 May 2024 10:10:56 +0200 Subject: Handle empty initial buffer in IAKERB initiator Section 5.19 of RFC 2744 (about gss_init_sec_context) states, "Initially, the input_token parameter should be specified either as GSS_C_NO_BUFFER, or as a pointer to a gss_buffer_desc object whose length field contains the value zero." In iakerb_initiator_step(), handle both cases when deciding whether to parse an acceptor message. [ghudson@mit.edu: edited commit message] ticket: 9126 (new) --- src/lib/gssapi/krb5/iakerb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/lib/gssapi/krb5/iakerb.c') diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c index a0d298c..3ee926e 100644 --- a/src/lib/gssapi/krb5/iakerb.c +++ b/src/lib/gssapi/krb5/iakerb.c @@ -523,7 +523,7 @@ iakerb_initiator_step(iakerb_ctx_id_t ctx, output_token->length = 0; output_token->value = NULL; - if (input_token != GSS_C_NO_BUFFER) { + if (input_token != GSS_C_NO_BUFFER && input_token->length > 0) { code = iakerb_parse_token(ctx, 0, input_token, NULL, &cookie, &in); if (code != 0) goto cleanup; -- cgit v1.1