fix crash with missing mechtypes
simo idra at samba.org
Sat Sep 25 04:30:37 MDT 2010
On Sat, 2010-09-25 at 08:31 +1000, Andrew Bartlett wrote:
> On Fri, 2010-09-24 at 09:57 -0700, Jeremy Allison wrote:
> > On Fri, Sep 24, 2010 at 12:36:37PM -0400, simo wrote:
> > >
> > > Do you know how Windows behaves against the same test?
> >
> > No, the test suites are proprietary and even if I did
> > I couldn't discuss it (under plugfest NDA I'm afraid).
>
> http://tools.ietf.org/html/rfc4178#section-4.2.1
> I decided to look up the RFC:
>
> 4.2.1. negTokenInit
>
> NegTokenInit ::= SEQUENCE {
>     mechTypes       [0] MechTypeList,
>     reqFlags        [1] ContextFlags  OPTIONAL,
>       -- inherited from RFC 2478 for backward compatibility,
>       -- RECOMMENDED to be left out
>     mechToken       [2] OCTET STRING  OPTIONAL,
>     mechListMIC     [3] OCTET STRING  OPTIONAL,
>     ...
> }
> ContextFlags ::= BIT STRING {
>     delegFlag       (0),
>     mutualFlag      (1),
>     replayFlag      (2),
>     sequenceFlag    (3),
>     anonFlag        (4),
>     confFlag        (5),
>     integFlag       (6)
> } (SIZE (32))
>
> This is the syntax for the inner token of the initial negotiation
> message.
>
> mechTypes
>
> This field contains one or more security mechanisms available for
> the initiator, in decreasing preference order (favorite choice
> first).
>
> The older http://tools.ietf.org/html/rfc2478 also states that one or
> more mechTypes must be sent, but marks the ASN.1 as optional.
>
> > This fix prevents the crash, and I still think not
> > sending any OIDs in a packet is definitely an invalid
> > parameter error :-).
>
> It seems to me that this isn't optional, and therefore an invalid
> parameter reply is quite justified.
Ok, then all is fine, indeed.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
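
An added example, not Samba's code and not the patch discussed in this thread: a bounds-checked C check that an inner NegTokenInit carries a non-empty mechTypes list, returning an invalid-parameter error otherwise. The names der_hdr, neg_token_init_mechs and NEG_INVALID_PARAMETER are hypothetical, the sample bytes are constructed, and the GSS-API framing and NegotiationToken wrapper are assumed to be already stripped.

```c
#include <stddef.h>
#include <stdint.h>

#define NEG_INVALID_PARAMETER (-1)   /* hypothetical error code for this example */

/* Read one DER header with the expected tag. On success *p points at the
 * value and *len is its length; every length is checked against 'end'. */
static int der_hdr(const uint8_t **p, const uint8_t *end, uint8_t tag, size_t *len)
{
    const uint8_t *q = *p;
    size_t l, n;
    if (end - q < 2 || q[0] != tag) return -1;
    l = q[1];
    q += 2;
    if (l & 0x80) {                        /* long form: 1 or 2 length octets */
        n = l & 0x7f;
        if (n == 0 || n > 2 || (size_t)(end - q) < n) return -1;
        for (l = 0; n > 0; n--) l = (l << 8) | *q++;
    }
    if ((size_t)(end - q) < l) return -1;  /* value must fit in what is left */
    *p = q;
    *len = l;
    return 0;
}

/* Return the number of OIDs in mechTypes [0] of an inner NegTokenInit, or
 * NEG_INVALID_PARAMETER if the field is absent, empty or malformed. */
int neg_token_init_mechs(const uint8_t *buf, size_t buflen)
{
    static const uint8_t path[] = { 0x30, 0xA0, 0x30 }; /* SEQUENCE, [0], MechTypeList */
    const uint8_t *p = buf, *end = buf + buflen;
    size_t len, i;
    int count = 0;
    for (i = 0; i < sizeof path; i++) {
        if (der_hdr(&p, end, path[i], &len) != 0) return NEG_INVALID_PARAMETER;
        end = p + len;                     /* descend into this element */
    }
    for (; p < end; p += len, count++)     /* each entry must be a non-empty OID */
        if (der_hdr(&p, end, 0x06, &len) != 0 || len == 0) return NEG_INVALID_PARAMETER;
    return count > 0 ? count : NEG_INVALID_PARAMETER;
}

/* Constructed samples: one Kerberos OID, an empty list, no mechTypes field. */
const uint8_t sample_ok[] = { 0x30,0x0f, 0xa0,0x0d, 0x30,0x0b, 0x06,0x09,
                              0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02 };
const uint8_t sample_empty[]  = { 0x30,0x04, 0xa0,0x02, 0x30,0x00 };
const uint8_t sample_absent[] = { 0x30,0x04, 0xa2,0x02, 0x04,0x00 };

int main(void) { return neg_token_init_mechs(sample_ok, sizeof sample_ok) == 1 ? 0 : 1; }
```

The empty-list and absent-field samples both come back as NEG_INVALID_PARAMETER, so a caller never reaches code that indexes the first mechanism of a list that has none.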