[38778] in Kerberos


A possible small bug in SPNEGO handling when dealing with NETAPP

daemon@ATHENA.MIT.EDU (Richard Sharpe)
Mon Jun 29 18:30:51 2020

From: Richard Sharpe <realrichardsharpe@gmail.com>
Date: Mon, 29 Jun 2020 15:22:22 -0700
Message-ID: <CACyXjPw0WPZq2s4DC0=TiLbZ9ehHvP_+JRA9O-kKf421fMsYmw@mail.gmail.com>
To: kerberos@mit.edu

Hi folks,

I have recently had to deal with a problem when calling
gss_init_sec_context after receiving an SPNEGO negTokenTarg from
NetApp C-Mode and 7-Mode servers.

After some investigation, I tracked it down to
src/lib/gssapi/spnego/spnego_mech.c in get_mech_oid when handling the
supportedMech OID.

The code was directly extracting the length from the buffer but (as
you can see from the capture attached in the Session Setup Response)
NetApp encodes the length of the OID in a longer form as 0x82 0x00
0x09 instead of the short-form 0x09.

To fix this I simply changed the code to call gssint_get_der_length to
retrieve the OID length. The following patch shows the change:

------------------------------------------
--- a/src/lib/gssapi/spnego/spnego_mech.c.orig  2017-03-02
22:06:02.000000000 +0000
+++ b/src/lib/gssapi/spnego/spnego_mech.c       2020-06-29
21:07:05.749062072 +0000
@@ -3256,6 +3256,7 @@
        gss_OID_desc    toid;
        gss_OID         mech_out =3D NULL;
        unsigned char           *start, *end;
+       unsigned int    bytes;

        if (length < 1 || **buff_in !=3D MECH_OID)
                return (NULL);
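Review bot: the new `bytes` variable is only ever written (by the `gssint_get_der_length` call in the following hunk) and never read in the visible lines; either use it, for example to confirm the length field itself stayed inside the buffer, or add a short comment saying the count is deliberately discarded, so a later reader does not mistake it for a missing check.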
@@ -3264,9 +3265,11 @@
        end =3D start + length;

        (*buff_in)++;
-       toid.length =3D *(*buff_in)++;

-       if ((*buff_in + toid.length) > end)
+       /* Get the length in a way that allows more impls to work */
+       toid.length =3D gssint_get_der_length(buff_in, length - 1, &bytes);
+
+       if (toid.length < 0 || (*buff_in + toid.length) > end)
                return (NULL);

        toid.elements =3D *buff_in;
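Review bot: the `toid.length < 0` test in `+       if (toid.length < 0 || (*buff_in + toid.length) > end)` can never be true, because `gss_OID_desc.length` is an `OM_uint32` (unsigned); a -1 error return from `gssint_get_der_length` is stored as a very large positive value, and the pointer addition `*buff_in + toid.length` is then evaluated with it before the `end` comparison. Capture the return value in a signed `int len`, reject `len < 0` first, and only then assign `toid.length = len` and perform the bounds check. The original line `toid.length = *(*buff_in)++` also advanced `*buff_in` past the length byte; the new code depends on the helper doing that advance itself, which is worth stating in the comment.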
-------------------------------

With this change my test program (based on libsmb2) now works against
both Windows 2012 and NetApp C-Mode servers.

Should I file a bug about this?

-- 
Regards,
Richard Sharpe
(How can one dissolve sorrow? Only with Du Kang. --Cao Cao)(Legend has it that Du Kang was the inventor of wine)
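As an added example (not code from the message, from the attached capture, or from MIT krb5), here is a self-contained C parser for a MECH_OID element that accepts both the short-form length (0x09) and the long form the message says NetApp sends (0x82 0x00 0x09), does the bounds checks in signed arithmetic before the length is stored, and rejects truncated or oversized encodings. A short-form-only reader modelled on the original `toid.length = *(*buff_in)++` line is included to show why the long-form token fails it. The function names, the sample tokens, and the constant names are this example's own constructions; the Kerberos V5 OID bytes are the standard value.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Decode one ASN.1 length field starting at buf[0].  Short form is a single
 * byte 0x00..0x7F; long form is 0x8N followed by N big-endian length bytes,
 * which is how 9 becomes 0x82 0x00 0x09 in the NetApp token.  Non-minimal
 * long form is accepted on purpose (BER-lenient, matching the patch's aim);
 * the indefinite form (0x80) and the reserved 0xFF are rejected.
 * Returns the length, or -1 if the field is malformed or exceeds `avail`;
 * on success *consumed is the number of bytes the length field occupied.
 */
long der_get_length(const unsigned char *buf, size_t avail, size_t *consumed)
{
    if (avail < 1)
        return -1;
    unsigned char first = buf[0];
    if (first < 0x80) {                          /* short form */
        *consumed = 1;
        return first;
    }
    if (first == 0x80 || first == 0xFF)          /* indefinite / reserved */
        return -1;
    size_t n = first & 0x7F;                     /* number of length bytes */
    if (n > sizeof(long) - 1 || avail < 1 + n)   /* keep result positive, stay in bounds */
        return -1;
    long len = 0;
    for (size_t i = 0; i < n; i++)
        len = (len << 8) | buf[1 + i];
    *consumed = 1 + n;
    return len;
}

/*
 * Parse a MECH_OID element ([0x06][length][OID contents]) from `avail` bytes.
 * Returns the OID contents length and sets *oid/*oid_len, or -1 if the tag is
 * wrong, the length is malformed, or the contents would run past the buffer.
 */
long parse_mech_oid(const unsigned char *buf, size_t avail,
                    const unsigned char **oid, size_t *oid_len)
{
    const unsigned char *p = buf, *end = buf + avail;
    if (avail < 1 || p[0] != 0x06)
        return -1;
    p++;                                         /* skip the OID tag */
    size_t used;
    long len = der_get_length(p, (size_t)(end - p), &used);
    if (len < 0)                                 /* signed check before any use */
        return -1;
    p += used;
    if ((size_t)len > (size_t)(end - p))         /* contents must fit in the token */
        return -1;
    *oid = p;
    *oid_len = (size_t)len;
    return len;
}

/* Pre-patch behaviour for contrast: the byte after the tag is the whole length. */
long short_form_only_oid_length(const unsigned char *buf, size_t avail)
{
    if (avail < 2 || buf[0] != 0x06)
        return -1;
    size_t len = buf[1];                         /* 0x82 is read as 130 here */
    if (2 + len > avail)                         /* ...and fails the bounds check */
        return -1;
    return (long)len;
}

/* Convenience wrapper with no out-parameters. */
long mech_oid_length(const unsigned char *buf, size_t avail)
{
    const unsigned char *oid; size_t n;
    return parse_mech_oid(buf, avail, &oid, &n);
}

/* Kerberos V5 mechanism OID 1.2.840.113554.1.2.2 in DER (the standard value). */
static const unsigned char KRB5_OID[] = {0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02};

int mech_oid_is_krb5(const unsigned char *buf, size_t avail)
{
    const unsigned char *oid; size_t n;
    if (parse_mech_oid(buf, avail, &oid, &n) < 0)
        return 0;
    return n == sizeof KRB5_OID && memcmp(oid, KRB5_OID, n) == 0;
}

/* Constructed sample tokens (hypothetical; not taken from the attached capture). */
static const unsigned char SHORT_FORM[] = {0x06,0x09, 0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02};
static const unsigned char LONG_FORM[]  = {0x06,0x82,0x00,0x09, 0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02};
static const unsigned char TRUNCATED[]  = {0x06,0x82,0x00};                 /* length bytes cut off */
static const unsigned char OVERSIZED[]  = {0x06,0x82,0x00,0x20, 0x2a,0x86,0x48,0x86,0xf7,0x12,0x01,0x02,0x02};

int main(void)
{
    printf("short form: lenient=%ld naive=%ld\n", mech_oid_length(SHORT_FORM, sizeof SHORT_FORM),
           short_form_only_oid_length(SHORT_FORM, sizeof SHORT_FORM));
    printf("long form:  lenient=%ld naive=%ld krb5=%d\n", mech_oid_length(LONG_FORM, sizeof LONG_FORM),
           short_form_only_oid_length(LONG_FORM, sizeof LONG_FORM), mech_oid_is_krb5(LONG_FORM, sizeof LONG_FORM));
    printf("truncated: %ld  oversized: %ld\n", mech_oid_length(TRUNCATED, sizeof TRUNCATED),
           mech_oid_length(OVERSIZED, sizeof OVERSIZED));
    return 0;
}
```

The design point is the order of checks: the helper's signed return value is tested for -1 before it is ever combined with a pointer or stored in an unsigned field, and the contents length is compared against the bytes actually remaining after the length field, not against the original buffer start. Accepting the non-minimal 0x82 0x00 0x09 encoding is a deliberate interoperability choice; a strict DER validator would reject it.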

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

