This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "GNU gsasl".
http://git.savannah.gnu.org/cgit/gsasl.git/commit/?id=134b3042670ed7b88f2bb83dbecee1159326b63d The branch, gsasl_1_6_x has been updated via 134b3042670ed7b88f2bb83dbecee1159326b63d (commit) from 3180a82fbe9ef9a63d84b4c69570ee12722ff830 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 134b3042670ed7b88f2bb83dbecee1159326b63d Author: Simon Josefsson <[email protected]> Date: Wed Oct 26 21:43:52 2011 +0200 Only proceed to the next step when the context is established. Before the code would always go to the next step, even if the GSS-API library returned CONTINUE_NEEDED and the context not yet established. The reason this problem does not appear to be exploitable is because a Kerberos V5 GSS-API mechanism implementation would not return CONTINUE_NEEDED and at the same time be able to successfully perform gss_wrap and gss_unwrap. Reported by Andreas Oberritter <[email protected]>. ----------------------------------------------------------------------- Summary of changes: lib/gssapi/server.c | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/gssapi/server.c b/lib/gssapi/server.c index dc05a6f..f76430e 100644 --- a/lib/gssapi/server.c +++ b/lib/gssapi/server.c @@ -1,5 +1,5 @@ /* server.c --- SASL mechanism GSSAPI as defined in RFC 4752, server side. - * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Simon Josefsson + * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Simon Josefsson * * This file is part of GNU SASL Library. * 
@@ -162,6 +162,9 @@ _gsasl_gssapi_server_step (Gsasl_session * sctx, if (maj_stat != GSS_S_COMPLETE && maj_stat != GSS_S_CONTINUE_NEEDED) return GSASL_GSSAPI_ACCEPT_SEC_CONTEXT_ERROR; + if (maj_stat == GSS_S_COMPLETE) + state->step++; + *output = malloc (bufdesc2.length); if (!*output) return GSASL_MALLOC_ERROR; @@ -172,9 +175,6 @@ _gsasl_gssapi_server_step (Gsasl_session * sctx, if (GSS_ERROR (maj_stat)) return GSASL_GSSAPI_RELEASE_BUFFER_ERROR; - if (maj_stat == GSS_S_COMPLETE) - state->step++; - res = GSASL_NEEDS_MORE; break; hooks/post-receive -- GNU gsasl _______________________________________________ Gsasl-commit mailing list [email protected] https://lists.gnu.org/mailman/listinfo/gsasl-commit
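Review bot: in the hunk at @@ -162,6 +162,9 @@ of lib/gssapi/server.c, state->step++ now runs before the malloc of *output, so a return of GSASL_MALLOC_ERROR or GSASL_GSSAPI_RELEASE_BUFFER_ERROR leaves the step already advanced. Consider keeping the accept result in its own variable (any name that is not reused further down) and incrementing just before "res = GSASL_NEEDS_MORE;", so that the step only moves on the path that actually succeeds. A one-line comment above the new check, stating that the step advances only once the context is established, would also keep the ordering from being undone later.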
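Review bot: in the hunk at @@ -172,9 +175,6 @@, the removed check sat directly after the "if (GSS_ERROR (maj_stat)) return GSASL_GSSAPI_RELEASE_BUFFER_ERROR;" test, so at that point maj_stat appears to carry the buffer-release status, not the status that was compared against GSS_S_CONTINUE_NEEDED earlier. Moving the check fixes this instance, but reusing the one variable for both results is what allowed it. Giving the two statuses separate variables, plus a regression test in which the accept step reports GSS_S_CONTINUE_NEEDED and state->step is asserted unchanged, would guard against the same mistake returning.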
