From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 11 Nov 2019 17:25:41 +0000 (-0500)
Subject: Fix SPNEGO fallback context handling
X-Git-Tag: krb5-1.18-beta1~34
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=40ecfad10dd36700028ff0f3d0d79ce7925fe545;p=thirdparty%2Fkrb5.git

Fix SPNEGO fallback context handling

In init_ctx_call_init(), if gss_init_sec_context() fails while
producing the first SPNEGO initiator token, we remove the first
candidate mechanism from sc->mech_set and try again.  If
sc->ctx_handle is present after the error (more likely after commit
56f7b1bc95a2a3eeb420e069e7655fb181ade5cf), we must clear it before
falling back or it will cause subsequent attempts to fail.

ticket: 8846 (new)
tags: pullup
target_version: 1.17-next
target_version: 1.16-next
---

diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 5f92cb607e..9123d9c3ab 100644
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -972,6 +972,7 @@ init_ctx_call_init(OM_uint32 *minor_status,
 	gss_release_buffer(&tmpmin, &sc->DER_mechTypes);
 	if (put_mech_set(sc->mech_set, &sc->DER_mechTypes) < 0)
 		goto fail;
+	gss_delete_sec_context(&tmpmin, &sc->ctx_handle, GSS_C_NO_BUFFER);
 	tmpret = init_ctx_call_init(&tmpmin, sc, spcred, acc_negState,
 				    target_name, req_flags, time_req,
 				    mechtok_in, mechtok_out, time_rec,