oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Revert "krb5: zero nonce before encoding for GSS preauth"

Browse Source 
This reverts commit 34b374b5e4.

We are revising the GSS-API pre-authentication draft to include the nonce from
the first request in the GSS channel bindings, to avoid re-encoding issues that
may surface with Kerberos implementations that do not correctly implement DER.
This commit is contained in:
Luke Howard
2021-09-13 13:39:58 +10:00
parent c7bd01c62a
commit 908ef18c9f
2 changed files with 2 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
kdc/gss_preauth.c
View File

@@ -191,7 +191,6 @@ _kdc_gss_rd_padata(astgs_request_t r,
{
krb5_error_code ret;
size_t size;
KDC_REQ_BODY kdc_req_body;
OM_uint32 minor;
gss_client_params *gcp = NULL;
@@ -232,11 +231,8 @@ _kdc_gss_rd_padata(astgs_request_t r,
_krb5_gss_data_to_buffer(&pa->padata_value, &input_token);
kdc_req_body = r->req.req_body;
kdc_req_body.nonce = 0;
ASN1_MALLOC_ENCODE(KDC_REQ_BODY, cb.application_data.value,
cb.application_data.length, &kdc_req_body,
cb.application_data.length, &r->req.req_body,
&size, ret);
heim_assert(ret || size == cb.application_data.length,
"internal asn1 encoder error");