From c5d0acb8598bf6c4993458cb149341bbc0622705 Mon Sep 17 00:00:00 2001 From: Derrick Brashear Date: Mon, 6 Dec 2010 09:47:42 -0500 Subject: [PATCH] Correct "not newer" etypes per RFC 4121 Section 1 of RFC 4121 describes behavior which applies when using "newer" etypes, then goes on in table form to list etypes which are not newer. While it specifies it is ok to use new token formats when both initiator and acceptor are known to handle them, this code makes no such verification, and encoded an incorrect set of etypes as "not newer". Correct the list. Signed-off-by: Love Hornquist Astrand --- lib/gssapi/krb5/accept_sec_context.c | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/gssapi/krb5/accept_sec_context.c b/lib/gssapi/krb5/accept_sec_context.c index 0e8fbe837..a5e9d054c 100644 --- a/lib/gssapi/krb5/accept_sec_context.c +++ b/lib/gssapi/krb5/accept_sec_context.c @@ -99,6 +99,7 @@ _gsskrb5i_is_cfx(krb5_context context, gsskrb5_ctx ctx, int acceptor) case ETYPE_DES_CBC_MD4: case ETYPE_DES_CBC_MD5: case ETYPE_DES3_CBC_MD5: + case ETYPE_OLD_DES3_CBC_SHA1: case ETYPE_DES3_CBC_SHA1: case ETYPE_ARCFOUR_HMAC_MD5: case ETYPE_ARCFOUR_HMAC_MD5_56:
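Review bot: The case list in `_gsskrb5i_is_cfx` that gains `case ETYPE_OLD_DES3_CBC_SHA1:` is still a bare hard-coded set, and nothing in the visible lines says it mirrors the table in Section 1 of RFC 4121. Since the commit message attributes the bug to an incorrect set of "not newer" etypes, a short comment above the case labels naming that table as the source would let the next etype addition be checked against it, instead of repeating the same drift. The commit message also notes that the code never verifies that both initiator and acceptor handle the new token formats. This one-line change leaves that unverified, so it is worth stating in the same comment that the list is the only gate on which token format is chosen. A regression test that sets up a context with `ETYPE_OLD_DES3_CBC_SHA1` and asserts the non-CFX result would pin the corrected behaviour.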