gssapi: SPNEGO does not reset NTLM RC4 state (#509)

2019-01-05 18:38:42 +11:00
parent 9750f2d915
commit 83d2951c0d
12 changed files with 132 additions and 23 deletions
--- a/lib/gssapi/spnego/init_sec_context.c
+++ b/lib/gssapi/spnego/init_sec_context.c
@@ -136,6 +136,9 @@ spnego_reply_internal(OM_uint32 *minor_status,
 			  0,
 			  mech_buf,
 			  &mic_buf);
+	if (ret == GSS_S_COMPLETE &&
+	    gss_oid_equal(context_handle->negotiated_mech_type, GSS_NTLM_MECHANISM))
+	    _gss_spnego_ntlm_reset_crypto(minor_status, context_handle, 0);
 	if (ret == GSS_S_COMPLETE) {
 	    ALLOC(nt.u.negTokenResp.mechListMIC, 1);
 	    if (nt.u.negTokenResp.mechListMIC == NULL) {
@@ -580,6 +583,9 @@ spnego_reply
 				 &mech_buf,
 				 &mic_buf,
 				 NULL);
+	   if (ret == GSS_S_COMPLETE &&
+	       gss_oid_equal(ctx->negotiated_mech_type, GSS_NTLM_MECHANISM))
+		_gss_spnego_ntlm_reset_crypto(minor_status, ctx, 1);
 	   if (ret) {
 		HEIMDAL_MUTEX_unlock(&ctx->ctx_id_mutex);
 		free(mech_buf.value);