(gssapi_krb5_verify_8003_checksum): handle zero channel bindings

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10878 ec53bebd-3082-4978-b11e-865c3cabbd6b

lib/gssapi/8003.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -169,6 +169,7 @@ gssapi_krb5_verify_8003_checksum(
     unsigned char *p;
     OM_uint32 length;
     int DlgOpt;
+    static unsigned char zeros[16];
 
     /* XXX should handle checksums > 24 bytes */
     if(cksum->cksumtype != 0x8003) {
@@ -185,7 +186,8 @@ gssapi_krb5_verify_8003_checksum(
     
     p += 4;
     
-    if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) {
+    if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
+	&& memcmp(p, zeros, sizeof(zeros)) != 0) {
 	if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) {
 	    *minor_status = 0;
 	    return GSS_S_BAD_BINDINGS;

lib/gssapi/krb5/8003.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
+ * Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
  * (Royal Institute of Technology, Stockholm, Sweden). 
  * All rights reserved. 
  *
@@ -169,6 +169,7 @@ gssapi_krb5_verify_8003_checksum(
     unsigned char *p;
     OM_uint32 length;
     int DlgOpt;
+    static unsigned char zeros[16];
 
     /* XXX should handle checksums > 24 bytes */
     if(cksum->cksumtype != 0x8003) {
@@ -185,7 +186,8 @@ gssapi_krb5_verify_8003_checksum(
     
     p += 4;
     
-    if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS) {
+    if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
+	&& memcmp(p, zeros, sizeof(zeros)) != 0) {
 	if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) {
 	    *minor_status = 0;
 	    return GSS_S_BAD_BINDINGS;