diff options
| author | Simo Sorce <simo@redhat.com> | 2015-06-24 16:10:58 -0400 |
|---|---|---|
| committer | Simo Sorce <simo@redhat.com> | 2015-06-24 16:10:58 -0400 |
| commit | c27219caa2d75baf854b1535eb222d679fbe4fcd (patch) | |
| tree | 3e242a2a6ae4e871dc49ba3d91580bd320b46750 /src/mod_auth_gssapi.c | |
| parent | d6d8a6b02923827c09eaaebd1e341043860f7b8c (diff) | |
| download | mod_auth_gssapi-c27219caa2d75baf854b1535eb222d679fbe4fcd.tar.gz mod_auth_gssapi-c27219caa2d75baf854b1535eb222d679fbe4fcd.tar.xz mod_auth_gssapi-c27219caa2d75baf854b1535eb222d679fbe4fcd.zip | |
Properly check return error when filtering mechs
We need to fail only if the input was an actual set and instead we
get back GSS_C_NO_OID_SET. In all other cases we are fine.
Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'src/mod_auth_gssapi.c')
| -rw-r--r-- | src/mod_auth_gssapi.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c index 87a1051..d673912 100644 --- a/src/mod_auth_gssapi.c +++ b/src/mod_auth_gssapi.c @@ -349,6 +349,8 @@ gss_OID_set mag_filter_unwanted_mechs(gss_OID_set src) uint32_t maj, min; int present = 0; + if (src == GSS_C_NO_OID_SET) return GSS_C_NO_OID_SET; + for (int i = 0; unwanted_mechs[i] != GSS_C_NO_OID; i++) { maj = gss_test_oid_set_member(&min, discard_const(unwanted_mechs[i]), @@ -459,7 +461,8 @@ static bool mag_auth_basic(request_rec *req, * multiple times uselessly. */ filtered_mechs = mag_filter_unwanted_mechs(allowed_mechs); - if (filtered_mechs == GSS_C_NO_OID_SET) { + if ((allowed_mechs != GSS_C_NO_OID_SET) && + (filtered_mechs == GSS_C_NO_OID_SET)) { ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, req, "Fatal " "failure while filtering mechs, aborting"); goto done; |