From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 6 Oct 2025 07:44:45 +0000 (+0200)
Subject: krb5_sspi: the chlg argument is NOT optional
X-Git-Tag: rc-8_17_0-3~326
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0d68f482052595887c2e3cc0b0fcf830a6dbf354;p=thirdparty%2Fcurl.git

krb5_sspi: the chlg argument is NOT optional

Fix the comment, add assert.

Reported-by: Joshua Rogers
Closes #18865
---

diff --git a/lib/vauth/krb5_sspi.c b/lib/vauth/krb5_sspi.c
index 985f1c38fc..c1953e1145 100644
--- a/lib/vauth/krb5_sspi.c
+++ b/lib/vauth/krb5_sspi.c
@@ -238,7 +238,7 @@ CURLcode Curl_auth_create_gssapi_user_message(struct Curl_easy *data,
  *
  * data    [in]     - The session handle.
  * authzid [in]     - The authorization identity if some.
- * chlg    [in]     - The optional challenge message.
+ * chlg    [in]     - The challenge message.
  * krb5    [in/out] - The Kerberos 5 data struct being used and modified.
  * out     [out]    - The result storage.
  *
@@ -273,6 +273,7 @@ CURLcode Curl_auth_create_gssapi_security_message(struct Curl_easy *data,
 #endif
 
   /* Ensure we have a valid challenge message */
+  DEBUGASSERT(chlg);
   if(!Curl_bufref_len(chlg)) {
     infof(data, "GSSAPI handshake failure (empty security message)");
     return CURLE_BAD_CONTENT_ENCODING;