[SCM] GNU gsasl branch, gsasl_1_6_x, updated. gsasl-1-6-1-2-g134b304
From: Simon Josefsson
Subject: [SCM] GNU gsasl branch, gsasl_1_6_x, updated. gsasl-1-6-1-2-g134b304
Date: Mon, 21 Nov 2011 11:32:41 +0000
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gsasl".
http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=134b3042670ed7b88f2bb83dbecee1159326b63d
The branch, gsasl_1_6_x has been updated
via 134b3042670ed7b88f2bb83dbecee1159326b63d (commit)
from 3180a82fbe9ef9a63d84b4c69570ee12722ff830 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 134b3042670ed7b88f2bb83dbecee1159326b63d
Author: Simon Josefsson <address@hidden>
Date: Wed Oct 26 21:43:52 2011 +0200
Only proceed to the next step when the context is established.
Before the code would always go to the next step, even if the GSS-API
library returned CONTINUE_NEEDED and the context not yet established.
The reason this problem does not appear to be exploitable is because a
Kerberos V5 GSS-API mechanism implementation would not return
CONTINUE_NEEDED and at the same time be able to successfully perform
gss_wrap and gss_unwrap. Reported by Andreas Oberritter
<address@hidden>.
-----------------------------------------------------------------------
Summary of changes:
lib/gssapi/server.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/gssapi/server.c b/lib/gssapi/server.c
index dc05a6f..f76430e 100644
--- a/lib/gssapi/server.c
+++ b/lib/gssapi/server.c
@@ -1,5 +1,5 @@
/* server.c --- SASL mechanism GSSAPI as defined in RFC 4752, server side.
- * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Simon
Josefsson
+ * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011
Simon Josefsson
*
* This file is part of GNU SASL Library.
*
@@ -162,6 +162,9 @@ _gsasl_gssapi_server_step (Gsasl_session * sctx,
if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED)
return GSASL_GSSAPI_ACCEPT_SEC_CONTEXT_ERROR;
+ if (maj_stat == GSS_S_COMPLETE)
+ state->step++;
+
*output = malloc (bufdesc2.length);
if (!*output)
return GSASL_MALLOC_ERROR;
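Review bot: the `state->step++` added ahead of `malloc` runs before the `GSASL_MALLOC_ERROR` return directly below it, so when the status is GSS_S_COMPLETE and the allocation fails, the session has already advanced to the next step although no output token was returned to the caller. Consider keeping the status that is checked against `GSASL_GSSAPI_ACCEPT_SEC_CONTEXT_ERROR` in its own variable and advancing the step only after the output has been produced, or add a comment stating that advancing before the error paths is intended.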
@@ -172,9 +175,6 @@ _gsasl_gssapi_server_step (Gsasl_session * sctx,
if (GSS_ERROR (maj_stat))
return GSASL_GSSAPI_RELEASE_BUFFER_ERROR;
- if (maj_stat == GSS_S_COMPLETE)
- state->step++;
-
res = GSASL_NEEDS_MORE;
break;
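Review bot: the removed check sat below `if (GSS_ERROR (maj_stat)) return GSASL_GSSAPI_RELEASE_BUFFER_ERROR;`, so at that point `maj_stat` appears to hold the buffer-release status rather than the context-acceptance status, which fits the commit message's "would always go to the next step". The fix relies only on statement order while `maj_stat` is still shared by both calls; a separate variable for the release status, or a one-line comment at the relocated check, would keep a later reordering from bringing the problem back.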
hooks/post-receive
--
GNU gsasl