b3e836cce9
be triggered by malformed client requests (CVE-2010-1321, #582466)
diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index ce3075f..6241055 100644
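--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -607,6 +607,13 @@ kg_accept_krb5(minor_status, context_handle,
 }
 #endif
 
+ if (authdat->checksum == NULL) {
+ /* missing checksum counts as "inappropriate type" */
+ code = KRB5KRB_AP_ERR_INAPP_CKSUM;
+ major_status = GSS_S_FAILURE;
+ goto fail;
+ }
+
 if (authdat->checksum->checksum_type != CKSUMTYPE_KG_CB) {
 /* Samba does not send 0x8003 GSS-API checksums */
 krb5_boolean valid;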
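Review bot: The comment on the new `authdat->checksum == NULL` guard explains the choice of error code but not why the guard is needed, which is the security-relevant part. The authenticator checksum is an optional field, so a client can send a request without it, and the `authdat->checksum->checksum_type` test directly below would then dereference NULL. I would extend the comment to something like `/* Authenticator checksum is optional on the wire and client-controlled; reject its absence here, before the checksum_type dereference below. */`. kg_accept_krb5 starts and ends outside this hunk, so it is worth confirming that every other read of `authdat->checksum` in the function comes after this guard.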