From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 9 Oct 2012 11:01:56 +0000 (+0200)
Subject: http_negotiate: do not delegate GSSAPI credentials
X-Git-Tag: elinks-0.12pre6~4
X-Git-Url: https://repo.or.cz/w/elinks.git/commitdiff_plain/da18694ff7dd0b67dfcb3c417fb0579b1e7d02d7

http_negotiate: do not delegate GSSAPI credentials

CVE-2012-4545.  Reported by Marko Myllynen.
---

diff --git a/src/protocol/http/http_negotiate.c b/src/protocol/http/http_negotiate.c
index 470b0717..271b4435 100644
--- a/src/protocol/http/http_negotiate.c
+++ b/src/protocol/http/http_negotiate.c
@@ -188,7 +188,7 @@ http_negotiate_create_context(struct negotiate *neg)
 					    &neg->context,
 					    neg->server_name,
 					    GSS_C_NO_OID,
-					    GSS_C_DELEG_FLAG,
+					    0,
 					    0,
 					    GSS_C_NO_CHANNEL_BINDINGS,
 					    &neg->input_token,