Handle empty initial buffer in IAKERB initiator

Section 5.19 of RFC 2744 (about gss_init_sec_context) states,
"Initially, the input_token parameter should be specified either as
GSS_C_NO_BUFFER, or as a pointer to a gss_buffer_desc object whose
length field contains the value zero."  In iakerb_initiator_step(),
handle both cases when deciding whether to parse an acceptor message.

[ghudson@mit.edu: edited commit message]

ticket: 9126 (new)

diff --git a/src/lib/gssapi/krb5/iakerb.c b/src/lib/gssapi/krb5/iakerb.c
index a0d298c49ea4e0dd01557ff216a12748a5c23984..3ee926e69507de7621273dc40bdc56741ebca6e2 100644 (file)
--- a/src/lib/gssapi/krb5/iakerb.c
+++ b/src/lib/gssapi/krb5/iakerb.c
@@ -523,7 +523,7 @@ iakerb_initiator_step(iakerb_ctx_id_t ctx,
     output_token->length = 0;
     output_token->value = NULL;
 
-    if (input_token != GSS_C_NO_BUFFER) {
+    if (input_token != GSS_C_NO_BUFFER && input_token->length > 0) {
         code = iakerb_parse_token(ctx, 0, input_token, NULL, &cookie, &in);
         if (code != 0)
             goto cleanup;