oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gss: fix gss_decapsulate_token() return codes

Browse Source 
gss_decapsulate_token() should return GSS_S_BAD_MECH if the mechanism did not
match the expected one, and GSS_S_DEFECTIVE_TOKEN if the token could not be
parsed for some other reason, rather than GSS_S_FAILURE in both cases
This commit is contained in:
Luke Howard
2020-04-17 11:11:43 +10:00
parent 26a69856f6
commit 4199118c76
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/gssapi/mech/gss_decapsulate_token.c
View File

@@ -54,7 +54,7 @@ gss_decapsulate_token(gss_const_buffer_t input_token,
&ct, NULL); &ct, NULL);
if (ret) { if (ret) {
der_free_oid(&o); der_free_oid(&o);
return GSS_S_FAILURE; return GSS_S_DEFECTIVE_TOKEN;
} }
if (der_heim_oid_cmp(&ct.thisMech, &o) == 0) { if (der_heim_oid_cmp(&ct.thisMech, &o) == 0) {
@@ -64,7 +64,7 @@ gss_decapsulate_token(gss_const_buffer_t input_token,
der_free_oid(&ct.thisMech); der_free_oid(&ct.thisMech);
} else { } else {
free_GSSAPIContextToken(&ct); free_GSSAPIContextToken(&ct);
status = GSS_S_FAILURE; status = GSS_S_BAD_MECH;
} }
der_free_oid(&o); der_free_oid(&o);