Skip Menu |

Subject: Allow GSS_C_NO_OID in krb5_gss_canon_name
Some programs (most notably racoon from ipsec-tools) call generic
functions that end up calling krb5_gss_canonicalize_name with
GSS_C_NO_OID as the mechanism. Currently, this results in a segfault,
which is clearly incorrect. The attached patch quietly assumes the krb5
mechanism, since that's the only non-deprecated mechanism provided by
the library.

Patch provided by Daniel Kahn Gillmor.
Download gss-canon-name
application/octet-stream 712B

Message body not shown because it is not plain text.

From: Russ Allbery <>
Subject: CVS Commit
If krb5_gss_canonicalize_name is given GSS_C_NULL_OID as the mechanism,
assume krb5 using similar logic as other library functions rather than
failing. Patch provided by Daniel Kahn Gillmor.

Commit By: rra

Revision: 18113
Changed Files:
U trunk/src/lib/gssapi/krb5/canon_name.c