| commit | 36735336442e9bae9988a6655a0cb2bab6a4da1a | |
| author | Stefan Metzmacher <metze@samba.org> | |
| Fri, 20 Nov 2015 10:42:55 +0000 (20 11:42 +0100) | ||
| committer | Stefan Metzmacher <metze@samba.org> | |
| Tue, 29 Mar 2016 14:25:39 +0000 (29 16:25 +0200) | ||
| tree | b6d0cf4cf1e7b287b91849619d782deaf873f82b | treesnapshot (tar.gz zip) |
| parent | 9440fa898f857f62bd43fcc39a912bd93f5948c5 | commitdiff |
CVE-2016-2110: auth/gensec: fix the client side of a spnego downgrade
New servers response with SPNEGO_REQUEST_MIC instead of
SPNEGO_ACCEPT_INCOMPLETE to a downgrade.
With just KRB5 and NTLMSSP this doesn't happen, but we
want to be prepared for the future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
New servers response with SPNEGO_REQUEST_MIC instead of
SPNEGO_ACCEPT_INCOMPLETE to a downgrade.
With just KRB5 and NTLMSSP this doesn't happen, but we
want to be prepared for the future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
| auth/gensec/spnego.c | diffblobblamehistory |