oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gss: set GSS_C_CHANNEL_BOUND_FLAG for SAnon

Browse Source 
SAnon includes channel bindings as part of the key derivation function, so they
cannot be ignored. Always set GSS_C_CHANNEL_BOUND_FLAG in the SAnon acceptor.
This commit is contained in:
Luke Howard
2021-08-06 13:21:07 +10:00
parent d83321fdf3
commit 8330e45444
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/gssapi/sanon/accept_sec_context.c
View File

@@ -117,7 +117,8 @@ _gss_sanon_accept_sec_context(OM_uint32 *minor,
req_flags &= SANON_PROTOCOL_FLAG_MASK; req_flags &= SANON_PROTOCOL_FLAG_MASK;
req_flags |= GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG | req_flags |= GSS_C_REPLAY_FLAG | GSS_C_SEQUENCE_FLAG | GSS_C_CONF_FLAG |
GSS_C_INTEG_FLAG | GSS_C_ANON_FLAG | GSS_C_TRANS_FLAG; GSS_C_INTEG_FLAG | GSS_C_ANON_FLAG | GSS_C_TRANS_FLAG |
GSS_C_CHANNEL_BOUND_FLAG; /* CB part of KDF, so always validated */
major = _gss_sanon_import_rfc4121_context(minor, sc, req_flags, &session_key); major = _gss_sanon_import_rfc4121_context(minor, sc, req_flags, &session_key);
if (major != GSS_S_COMPLETE) if (major != GSS_S_COMPLETE)