From dmaze@donut.mit.edu Tue Jun 24 14:42:39 1997
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id OAA05669 for <bugs@RT-11.MIT.EDU>; Tue, 24 Jun 1997 14:42:38 -0400
Received: from DONUT.MIT.EDU by MIT.EDU with SMTP
id AA23726; Tue, 24 Jun 97 14:42:37 EDT
Received: (qmail 15388 invoked by uid 501); 24 Jun 1997 18:42:55 -0000
Message-Id: <m2k9jjyh8w.fsf@donut.mit.edu>
Date: 24 Jun 1997 14:42:55 -0400
From: dmaze@MIT.EDU
Reply-To: dmaze@MIT.EDU
To: krb5-bugs@MIT.EDU
Cc: dmaze@donut.mit.edu
Subject: [krb5-libs] gss_init_sec_context doesn't recognize GSS_C_EMPTY_BUFFER
X-Send-Pr-Version: 3.99

>Number: 439
>Category: krb5-libs
>Synopsis: gss_init_sec_context doesn't recognize GSS_C_EMPTY_BUFFER
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Jun 24 14:43:01 EDT 1997
>Last-Modified: Tue Jun 24 15:22:46 EDT 1997
>Originator: David Z Maze
>Organization:
>Release: 1.0
>Environment:
System: SunOS EXPOSURE 5.5.1 Generic_103640-06 sun4m sparc SUNW,SPARCclassic
Architecture: sun4

>Description:
The IETF draft concerning the C language bindings for the General Security
Service API (GSS-API) states in its documentation that either the value
GSS_C_NO_BUFFER or a pointer to a GSS_C_EMPTY_BUFFER should be passed as
the input_token parameter to gss_init_sec_context on the initial call to
this function. The krb5 implementation of GSS-API only recognizes the
GSS_C_NO_BUFFER case.
>How-To-Repeat:
    OM_uint32 st_major, st_minor;
    gss_ctx_id_t ctx_id = GSS_C_NO_CONTEXT;  /* must be GSS_C_NO_CONTEXT on the initial call */
    gss_cred_id_t cred_id;
    gss_name_t name;                         /* target name, e.g. from gss_import_name() */
    gss_channel_bindings_t bindings;
    gss_buffer_desc buff_out;
    gss_buffer_desc buff_in = GSS_C_EMPTY_BUFFER;
    /* (or buff_in.length = 0; ) */
    st_major = gss_init_sec_context(&st_minor,
                                    GSS_C_NO_CREDENTIAL,
                                    &ctx_id,
                                    name,
                                    GSS_C_NO_OID,
                                    GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG,
                                    0,
                                    GSS_C_NO_CHANNEL_BINDINGS,
                                    &buff_in,   /* pointer to an empty buffer, not GSS_C_NO_BUFFER */
                                    NULL,
                                    &buff_out,
                                    NULL,
                                    NULL
                                    );
    /* st_major == GSS_S_DEFECTIVE_TOKEN */
>Fix:
Change lib/gssapi/krb5/init_sec_context.c, line 308, from

if (input_token != GSS_C_NO_BUFFER) {

to

if (input_token != GSS_C_NO_BUFFER && input_token->length != 0) {

>Audit-Trail:

State-Changed-From-To: open-closed
State-Changed-By: klmitch
State-Changed-When: Tue Jun 24 15:20:19 1997
State-Changed-Why:

user was using a /mit/krb5/.build tree that was still 1.0; this problem
has already been fixed in pl1. I've spoken with the submitter personally

>Unformatted:
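
The input_token handling described in this report, as an added example that is not part of the original ticket or of the krb5 sources. It uses stand-in types (all ex_* names are hypothetical) so it compiles without GSS-API headers, and it goes slightly beyond the report by also rejecting a descriptor with a non-zero length and a null data pointer; the rule for continuation calls is an assumption of the example.

```c
/* Added example; ex_* names are hypothetical stand-ins, not krb5 or GSS-API code. */
#include <stddef.h>
#include <stdio.h>

typedef struct { size_t length; void *value; } ex_buffer_desc;
#define EX_NO_BUFFER ((const ex_buffer_desc *)0)   /* models GSS_C_NO_BUFFER */

enum ex_class  { EX_ABSENT, EX_PRESENT, EX_MALFORMED };
enum ex_status { EX_OK, EX_DEFECTIVE_TOKEN };

/* Treat a null pointer and a zero-length buffer as the same "no token" case,
   and flag a descriptor that claims bytes but carries no data pointer. */
enum ex_class ex_classify(const ex_buffer_desc *tok)
{
    if (tok == EX_NO_BUFFER || tok->length == 0)
        return EX_ABSENT;
    return tok->value == NULL ? EX_MALFORMED : EX_PRESENT;
}

/* The 1.0 condition quoted in the report: only the pointer is compared,
   so a pointer to an empty buffer counts as an unexpected token. */
enum ex_status ex_initial_call_1_0(const ex_buffer_desc *tok)
{
    return tok != EX_NO_BUFFER ? EX_DEFECTIVE_TOKEN : EX_OK;
}

/* Check with the report's fix applied. Assumption of this example: a
   continuation call must carry a non-empty token. */
enum ex_status ex_check_step(int initial_call, const ex_buffer_desc *tok)
{
    enum ex_class c = ex_classify(tok);
    if (c == EX_MALFORMED)
        return EX_DEFECTIVE_TOKEN;
    if (initial_call)
        return c == EX_ABSENT ? EX_OK : EX_DEFECTIVE_TOKEN;
    return c == EX_PRESENT ? EX_OK : EX_DEFECTIVE_TOKEN;
}

int main(void)
{
    ex_buffer_desc empty = { 0, NULL };   /* models GSS_C_EMPTY_BUFFER */
    printf("1.0 check, empty buffer:   %d\n", ex_initial_call_1_0(&empty));
    printf("fixed check, empty buffer: %d\n", ex_check_step(1, &empty));
    printf("fixed check, no buffer:    %d\n", ex_check_step(1, EX_NO_BUFFER));
    return 0;
}
```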