]> git.ipfire.org Git - thirdparty/bind9.git/commit
projects / thirdparty / bind9.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4e45536) | patch
Verify integrity flag on server-side GSS-API context
authorOndřej Surý <ondrej@sury.org>
Wed, 18 Mar 2026 00:02:24 +0000 (01:02 +0100)
committerMichał Kępień <michal@isc.org>
Thu, 7 May 2026 11:32:15 +0000 (13:32 +0200)
commit45c93af5c0f9bcc2ff864f7f122fdfe5a2e9382c
tree257288357c22d8e3e95eb59e3c16bf1aecd5dd5ctree | snapshot
parent4e455365bf2f8d5eeb185f3b7141ba2519fbbc93commit | diff
Verify integrity flag on server-side GSS-API context

After gss_accept_sec_context() completes, verify that the INTEG flag
is set in ret_flags.  Without integrity protection, GSS-TSIG message
authentication cannot function correctly.

The server side was previously passing NULL for ret_flags, meaning it
never verified the negotiated security properties.  The client side
was fixed in the previous commit; this fixes the server side.
lib/dns/gssapictx.c diff | blob | blame | history
Mirror of https://gitlab.isc.org/isc-projects/bind9.git