oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gss: make gss_compare_name comply with RFC2743

Browse Source 
Anonymous names should always compare FALSE in GSS_Compare_name(). If the names
are being compared at the mechglue layer then we should check for
GSS_C_NT_ANONYMOUS.
This commit is contained in:
Luke Howard
2020-04-14 14:46:32 +10:00
parent 846c839cbf
commit 73a5bc8499
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/gssapi/mech/gss_compare_name.c
View File

@@ -46,7 +46,10 @@ gss_compare_name(OM_uint32 *minor_status,
*/
if (name1->gn_value.value && name2->gn_value.value) {
*name_equal = 1;
if (!gss_oid_equal(name1->gn_type, name2->gn_type)) {
/* RFC 2743: anonymous names always compare false */
if (gss_oid_equal(name1->gn_type, GSS_C_NT_ANONYMOUS) ||
gss_oid_equal(name2->gn_type, GSS_C_NT_ANONYMOUS) ||
!gss_oid_equal(name1->gn_type, name2->gn_type)) {
*name_equal = 0;
} else if (name1->gn_value.length != name2->gn_value.length ||
memcmp(name1->gn_value.value, name2->gn_value.value,