[PATCH 1/2] _gsasl_gssapi_server_step: don't overwrite maj_stat
From: Andreas Oberritter
Subject: [PATCH 1/2] _gsasl_gssapi_server_step: don't overwrite maj_stat
Date: Tue, 18 Oct 2011 13:42:15 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.23) Gecko/20110922 Lightning/1.0b2 Thunderbird/3.1.15
- fixes a security flaw in GSSAPI server:
_gsasl_gssapi_server_step advances to the next step,
if maj_stat == GSS_S_COMPLETE. However, maj_stat
gets overwritten by a call to gss_release_buffer(),
which always returns GSS_S_COMPLETE. Therefore, a
GSSAPI client won't ever have to complete a second
challenge in order to succeed.
Signed-off-by: Andreas Oberritter <address@hidden>
---
lib/gssapi/server.c | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/lib/gssapi/server.c b/lib/gssapi/server.c
index dc05a6f..edc62d7 100644
--- a/lib/gssapi/server.c
+++ b/lib/gssapi/server.c
@@ -168,8 +168,7 @@ _gsasl_gssapi_server_step (Gsasl_session * sctx,
memcpy (*output, bufdesc2.value, bufdesc2.length);
*output_len = bufdesc2.length;
- maj_stat = gss_release_buffer (&min_stat, &bufdesc2);
- if (GSS_ERROR (maj_stat))
+ if (gss_release_buffer (&min_stat, &bufdesc2) != GSS_S_COMPLETE)
return GSASL_GSSAPI_RELEASE_BUFFER_ERROR;
if (maj_stat == GSS_S_COMPLETE)
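Review bot: The new condition on the gss_release_buffer() line is stricter than the one it replaces: the old code tested GSS_ERROR (maj_stat), the new one tests != GSS_S_COMPLETE, so any non-error status other than GSS_S_COMPLETE now returns GSASL_GSSAPI_RELEASE_BUFFER_ERROR. The commit message does not mention this change; either keep the GSS_ERROR () test on a separate local status variable, or say in the message that the stricter test is intended. Since the following "if (maj_stat == GSS_S_COMPLETE)" decides whether the exchange advances, a short comment above the release call stating that maj_stat must not be reassigned before that check would help keep the flaw from being reintroduced.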
--
1.7.5.4