git.ipfire.org Git - thirdparty/curl.git/commit

]> git.ipfire.org Git - thirdparty/curl.git/commit

projects / thirdparty / curl.git / commit

author	Patrick Monnerat <patrick@monnerat.net>
	Mon, 16 Aug 2021 06:35:22 +0000 (08:35 +0200)
committer	Daniel Stenberg <daniel@haxx.se>
	Mon, 16 Aug 2021 06:36:10 +0000 (08:36 +0200)
commit	7da2990b199225140bf1adea4caf7fa7b55e4f4b
tree	a8d49b6f420d3e71c67435a4642d6cbbf8cf88bd	tree
parent	396a2d7fe3b9d10acfd69656490efd0dbbefc7b0	commit \| diff

auth: do not append zero-terminator to authorisation id in kerberos

RFC4752 Section 3.1 states "The authorization identity is not terminated
with a zero-valued (%x00) octet". Although a comment in code said it may
be needed anyway, nothing confirms it. In addition, servers may consider
it as part of the identity, causing a failure.

Closes #7008

lib/vauth/krb5_gssapi.c		diff \| blob \| blame \| history
lib/vauth/krb5_sspi.c		diff \| blob \| blame \| history

Mirror of https://github.com/curl/curl.git

RSS Atom