fix crash with missing mechtypes
Andrew Bartlett
abartlet at samba.org
Fri Sep 24 16:31:03 MDT 2010
On Fri, 2010-09-24 at 09:57 -0700, Jeremy Allison wrote:
> On Fri, Sep 24, 2010 at 12:36:37PM -0400, simo wrote:
> >
> > Do you know how Windows behaves against the same test?
>
> No, the test suites are proprietary and even if I did
> I couldn't discuss it (under plugfest NDA I'm afraid).
http://tools.ietf.org/html/rfc4178#section-4.2.1
I decided to look up the RFC:
4.2.1. negTokenInit

    NegTokenInit ::= SEQUENCE {
        mechTypes       [0] MechTypeList,
        reqFlags        [1] ContextFlags  OPTIONAL,
          -- inherited from RFC 2478 for backward compatibility,
          -- RECOMMENDED to be left out
        mechToken       [2] OCTET STRING  OPTIONAL,
        mechListMIC     [3] OCTET STRING  OPTIONAL,
        ...
    }
    ContextFlags ::= BIT STRING {
        delegFlag       (0),
        mutualFlag      (1),
        replayFlag      (2),
        sequenceFlag    (3),
        anonFlag        (4),
        confFlag        (5),
        integFlag       (6)
    } (SIZE (32))

  This is the syntax for the inner token of the initial negotiation
  message.

  mechTypes
    This field contains one or more security mechanisms available for
    the initiator, in decreasing preference order (favorite choice
    first).

The older http://tools.ietf.org/html/rfc2478 also states that one or
more mechTypes must be sent, but marks the ASN.1 as optional.
> This fix prevents the crash, and I still think not
> sending any OIDs in a packet is definitely an invalid
> parameter error :-).
It seems to me that this isn't optional, and therefore an invalid
parameter reply is quite justified.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
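
The check discussed in this message, as an added example (not part of the original e-mail and not Samba's code): a bounds-checked DER walk that rejects a NegTokenInit whose mandatory mechTypes field is absent or empty instead of dereferencing it. The function name, the error codes and the sample tokens are assumptions, and the input is assumed to be the bare NegTokenInit SEQUENCE without the outer GSS-API wrapper.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { NEG_MALFORMED = -1, NEG_INVALID_PARAMETER = -2 }; /* hypothetical error codes */

/* Read one DER tag/length header at *p, bounded by end; leave *p at the content. */
static int der_hdr(const uint8_t **p, const uint8_t *end, uint8_t *tag, size_t *len) {
    const uint8_t *q = *p;
    if (end - q < 2) return -1;
    *tag = *q++;
    size_t l = *q++;
    if (l & 0x80) {                        /* long form: low bits count the length bytes */
        size_t n = l & 0x7f;
        if (n == 0 || n > 2 || (size_t)(end - q) < n) return -1;
        for (l = 0; n > 0; n--) l = (l << 8) | *q++;
    }
    if ((size_t)(end - q) < l) return -1;  /* content must fit inside the parent */
    *p = q; *len = l;
    return 0;
}

/* Return the number of OIDs in mechTypes (>= 1), or a negative error code. */
int negtokeninit_count_mechs(const uint8_t *buf, size_t buflen) {
    const uint8_t *p = buf, *end = buf + buflen;
    uint8_t tag; size_t len; int count = 0;
    if (der_hdr(&p, end, &tag, &len) || tag != 0x30) return NEG_MALFORMED;
    end = p + len;                                     /* NegTokenInit SEQUENCE body */
    if (p == end) return NEG_INVALID_PARAMETER;        /* no fields at all */
    if (der_hdr(&p, end, &tag, &len)) return NEG_MALFORMED;
    if (tag != 0xa0) return NEG_INVALID_PARAMETER;     /* [0] mechTypes is absent */
    end = p + len;
    if (der_hdr(&p, end, &tag, &len) || tag != 0x30) return NEG_MALFORMED;
    for (end = p + len; p < end; p += len, count++)    /* walk the MechTypeList */
        if (der_hdr(&p, end, &tag, &len) || tag != 0x06 || len == 0) return NEG_MALFORMED;
    return count > 0 ? count : NEG_INVALID_PARAMETER;  /* empty list is rejected too */
}

/* Constructed samples: one NTLMSSP OID; mechToken [2] only; empty MechTypeList. */
const uint8_t tok_ok[] = {0x30,0x10,0xa0,0x0e,0x30,0x0c,0x06,0x0a,
                          0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x02,0x0a};
const uint8_t tok_missing[] = {0x30,0x05,0xa2,0x03,0x04,0x01,0x00};
const uint8_t tok_empty[] = {0x30,0x04,0xa0,0x02,0x30,0x00};
#define COUNT(t) negtokeninit_count_mechs((t), sizeof (t))

int main(void) {
    printf("%d %d %d\n", COUNT(tok_ok), COUNT(tok_missing), COUNT(tok_empty));
    return 0;
}
```

A token that carries only the OPTIONAL fields parses as well-formed DER, so the missing-mechTypes case has to be an explicit rejection rather than something the decoder reports on its own.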