From da18694ff7dd0b67dfcb3c417fb0579b1e7d02d7 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Tue, 9 Oct 2012 13:01:56 +0200
Subject: [PATCH] http_negotiate: do not delegate GSSAPI credentials

CVE-2012-4545.  Reported by Marko Myllynen.
---
 src/protocol/http/http_negotiate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/protocol/http/http_negotiate.c b/src/protocol/http/http_negotiate.c
index 470b0717..271b4435 100644
--- a/src/protocol/http/http_negotiate.c
+++ b/src/protocol/http/http_negotiate.c
@@ -188,7 +188,7 @@ http_negotiate_create_context(struct negotiate *neg)
 					    &neg->context,
 					    neg->server_name,
 					    GSS_C_NO_OID,
-					    GSS_C_DELEG_FLAG,
+					    0,
 					    0,
 					    GSS_C_NO_CHANNEL_BINDINGS,
 					    &neg->input_token,
-- 
2.11.4.GIT