From 4199118c7670ebe8604b4b839850fa7e08a4077f Mon Sep 17 00:00:00 2001
From: Luke Howard <lukeh@padl.com>
Date: Fri, 17 Apr 2020 11:11:43 +1000
Subject: [PATCH] gss: fix gss_decapsulate_token() return codes

gss_decapsulate_token() should return GSS_S_BAD_MECH if the mechanism did not
match the expected one, and GSS_S_DEFECTIVE_TOKEN if the token could not be
parsed for some other reason, rather than GSS_S_FAILURE in both cases
---
 lib/gssapi/mech/gss_decapsulate_token.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/gssapi/mech/gss_decapsulate_token.c b/lib/gssapi/mech/gss_decapsulate_token.c
index 3f2974e8c..5d9eca0b1 100644
--- a/lib/gssapi/mech/gss_decapsulate_token.c
+++ b/lib/gssapi/mech/gss_decapsulate_token.c
@@ -54,7 +54,7 @@ gss_decapsulate_token(gss_const_buffer_t input_token,
 				    &ct, NULL);
     if (ret) {
 	der_free_oid(&o);
-	return GSS_S_FAILURE;
+	return GSS_S_DEFECTIVE_TOKEN;
     }
 
     if (der_heim_oid_cmp(&ct.thisMech, &o) == 0) {
@@ -64,7 +64,7 @@ gss_decapsulate_token(gss_const_buffer_t input_token,
 	der_free_oid(&ct.thisMech);
     } else {
 	free_GSSAPIContextToken(&ct);
- 	status = GSS_S_FAILURE;
+	status = GSS_S_BAD_MECH;
     }
     der_free_oid(&o);