From 0817871764e417483afdf005e37f7845b5884db6 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Wed, 8 Apr 2009 01:22:45 +0000 Subject: [PATCH] Apply revised patch from Apple that ensures that a REJECT token is sent on error. ticket: 6426 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@22178 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/gssapi/spnego/spnego_mech.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index 7854d9f8c..630c73ac1 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c +++ b/src/lib/gssapi/spnego/spnego_mech.c @@ -1248,9 +1248,9 @@ spnego_gss_accept_sec_context(void *ct, &negState, &return_token); } cleanup: - if (return_token == INIT_TOKEN_SEND || - return_token == CONT_TOKEN_SEND) { - tmpret = make_spnego_tokenTarg_msg(negState, sc->internal_mech, + if (return_token != NO_TOKEN_SEND && return_token != CHECK_MIC) { + tmpret = make_spnego_tokenTarg_msg(negState, + sc ? sc->internal_mech : GSS_C_NO_OID, &mechtok_out, mic_out, return_token, output_token); @@ -2465,6 +2465,8 @@ make_spnego_tokenTarg_msg(OM_uint32 status, gss_OID mech_wanted, if (outbuf == GSS_C_NO_BUFFER) return (GSS_S_DEFECTIVE_TOKEN); + if (sendtoken == INIT_TOKEN_SEND && mech_wanted == GSS_C_NO_OID) + return (GSS_S_DEFECTIVE_TOKEN); outbuf->length = 0; outbuf->value = NULL; -- 2.26.2