Properly reflect MS krb5 mech in SPNEGO acceptor
r25590 changed negotiate_mech() to return an alias into the acceptor's
mech set, with the unfortunate side effect of transforming the
erroneous Microsoft krb5 mech OID into the correct krb5 mech OID,
meaning that we answer with a different OID than the requested one.
Return an alias into the initiator's mech set instead, and store that
in the mech_set field of the SPNEGO context.  The acceptor code only uses
mech_set to hold the allocated storage pointed into by internal_mech,
so this change is safe.

(cherry picked from commit 8255613)

ticket: 7858
version_fixed: 1.12.2
status: resolved
greghudson authored and tlyu committed Jun 26, 2014
1 parent 57f106a commit dc31efa
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions src/lib/gssapi/spnego/spnego_mech.c
Expand Up @@ -1395,8 +1395,8 @@ acc_ctx_new(OM_uint32 *minor_status,
*return_token = NO_TOKEN_SEND;
goto cleanup;
}
sc->mech_set = supported_mechSet;
supported_mechSet = GSS_C_NO_OID_SET;
sc->mech_set = mechTypes;
mechTypes = GSS_C_NO_OID_SET;
sc->internal_mech = mech_wanted;
sc->DER_mechTypes = der_mechTypes;
der_mechTypes.length = 0;
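Review bot: at `sc->mech_set = mechTypes;` followed by `mechTypes = GSS_C_NO_OID_SET;`, ownership of supported_mechSet no longer moves into the context, so the cleanup path (not shown in this hunk) has to release supported_mechSet on the success path as well as on error; please confirm that it does. A short comment at this assignment saying that sc->mech_set only holds the storage sc->internal_mech points into would also help, since the field now carries the initiator's list rather than the acceptor's supported set.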
Expand Down Expand Up @@ -3545,7 +3545,7 @@ put_negResult(unsigned char **buf_out, OM_uint32 negResult,
* is set to ACCEPT_INCOMPLETE if it's the first mech, REQUEST_MIC if
* it's not the first mech, otherwise we return NULL and negResult
* is set to REJECT. The returned pointer is an alias into
* supported->elements and should not be freed.
* received->elements and should not be freed.
*
* NOTE: There is currently no way to specify a preference order of
* mechanisms supported by the acceptor.
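Review bot: the updated comment line `received->elements and should not be freed` states the aliasing but not the lifetime rule that follows from it: the caller must keep `received` allocated for as long as the returned pointer is in use. Suggest stating that, plus one sentence on why the alias is taken from the received set (so the reply carries the OID the initiator sent, including the Microsoft krb5 variant named in the commit message).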
Expand All @@ -3567,7 +3567,7 @@ negotiate_mech(gss_OID_set supported, gss_OID_set received,
if (g_OID_equal(mech_oid, &supported->elements[j])) {
*negResult = (i == 0) ? ACCEPT_INCOMPLETE :
REQUEST_MIC;
return &supported->elements[j];
return &received->elements[i];
}
}
}
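Review bot: on `return &received->elements[i];` the match is still decided by `g_OID_equal(mech_oid, &supported->elements[j])`, so the OID handed back may not compare equal to any element of `supported`. Callers that use the result to look up a mechanism need to handle that case; a comment on the return line and a regression test with the Microsoft krb5 OID first in the initiator's list would keep the behaviour from being reverted by accident.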