gsasl-commit

[SCM] GNU gsasl branch, gsasl_1_6_x, updated. gsasl-1-6-1-2-g134b304


From: Simon Josefsson
Subject: [SCM] GNU gsasl branch, gsasl_1_6_x, updated. gsasl-1-6-1-2-g134b304
Date: Mon, 21 Nov 2011 11:32:41 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gsasl".

http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=134b3042670ed7b88f2bb83dbecee1159326b63d

The branch, gsasl_1_6_x has been updated
       via  134b3042670ed7b88f2bb83dbecee1159326b63d (commit)
      from  3180a82fbe9ef9a63d84b4c69570ee12722ff830 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 134b3042670ed7b88f2bb83dbecee1159326b63d
Author: Simon Josefsson <address@hidden>
Date:   Wed Oct 26 21:43:52 2011 +0200

    Only proceed to the next step when the context is established.
    
    Before the code would always go to the next step, even if the GSS-API
    library returned CONTINUE_NEEDED and the context not yet established.
    The reason this problem does not appear to be exploitable is because a
    Kerberos V5 GSS-API mechanism implementation would not return
    CONTINUE_NEEDED and at the same time be able to successfully perform
    gss_wrap and gss_unwrap.  Reported by Andreas Oberritter
    <address@hidden>.

-----------------------------------------------------------------------

Summary of changes:
 lib/gssapi/server.c |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/gssapi/server.c b/lib/gssapi/server.c
index dc05a6f..f76430e 100644
--- a/lib/gssapi/server.c
+++ b/lib/gssapi/server.c
@@ -1,5 +1,5 @@
 /* server.c --- SASL mechanism GSSAPI as defined in RFC 4752, server side.
- * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010  Simon 
Josefsson
+ * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011  
Simon Josefsson
  *
  * This file is part of GNU SASL Library.
  *
@@ -162,6 +162,9 @@ _gsasl_gssapi_server_step (Gsasl_session * sctx,
       if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED)
        return GSASL_GSSAPI_ACCEPT_SEC_CONTEXT_ERROR;
 
+      if (maj_stat == GSS_S_COMPLETE)
+       state->step++;
+
       *output = malloc (bufdesc2.length);
       if (!*output)
        return GSASL_MALLOC_ERROR;
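Review bot: state->step++ now runs ahead of the *output = malloc (bufdesc2.length) failure path, so a GSASL_MALLOC_ERROR return leaves the session advanced to the next step although the final token was never handed to the caller. If a caller can ever call the step function again after that error, record the accept result in a local flag here and increment only after the allocation and buffer release have succeeded. Otherwise add a short comment stating that error returns are terminal and that this check has to sit before maj_stat is reused, so a later cleanup does not move it back down.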
@@ -172,9 +175,6 @@ _gsasl_gssapi_server_step (Gsasl_session * sctx,
       if (GSS_ERROR (maj_stat))
        return GSASL_GSSAPI_RELEASE_BUFFER_ERROR;
 
-      if (maj_stat == GSS_S_COMPLETE)
-       state->step++;
-
       res = GSASL_NEEDS_MORE;
       break;
 
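Review bot: the GSS_ERROR (maj_stat) check just above the removed lines returns GSASL_GSSAPI_RELEASE_BUFFER_ERROR, so at that point maj_stat carries the buffer-release status rather than the accept result, and any test of it for GSS_S_COMPLETE below that line cannot tell COMPLETE from CONTINUE_NEEDED. Consider a separate status variable for the release call so the accept result stays readable through to res = GSASL_NEEDS_MORE. The diffstat shows only lib/gssapi/server.c changing, so a regression test that drives one CONTINUE_NEEDED round and asserts the step does not advance would be worth adding with this fix.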


hooks/post-receive
-- 
GNU gsasl


