Bug 15603 - Heimdal ignores _gsskrb5_decapsulate errors in init_sec_context/repl_mutual
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Other
Version: 4.20.0rc3
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Stefan Metzmacher
QA Contact: Samba QA Contact
Reported: 2024-03-11 14:41 UTC by Stefan Metzmacher
Modified: 2024-08-02 12:14 UTC
Description Stefan Metzmacher 2024-03-11 14:41:21 UTC
It seems (at least our own) DNS server echoes the Kerberos AP-REQ inside gssapi
and we feed that back into gss_init_sec_context().

In repl_mutual we expect _gsskrb5_decapsulate to check for a TOK_ID = KRB_AP_REP (02 00) PDU or fall back to KRB_ERROR (03 00), but for KRB_AP_REQ (01 00)
we get GSS_S_DEFECTIVE_TOKEN and ignore that and call krb5_rd_rep with
uninitialized data, which generates ASN1_MISSING_FIELD.
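
The failure mode described above, as an added example that is not part of the original report and is not Heimdal or Samba code: a simplified TOK_ID check whose status the caller propagates, so an echoed AP-REQ is rejected before any inner parser sees an unset buffer. The names `decapsulate`, `classify_reply`, `make_token`, `struct span` and the `ST_*`/`REPLY_*` values are hypothetical, only short-form DER lengths are handled, and the sample tokens are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* TOK_ID values named in the report; status codes are stand-ins, not GSS-API's. */
static const uint8_t TOK_AP_REQ[2] = {0x01, 0x00};
static const uint8_t TOK_AP_REP[2] = {0x02, 0x00};
static const uint8_t TOK_ERROR[2]  = {0x03, 0x00};
enum { ST_OK = 0, ST_DEFECTIVE_TOKEN = 1 };
enum reply { REPLY_AP_REP, REPLY_KRB_ERROR, REPLY_REJECTED };
struct span { const uint8_t *p; size_t n; };
/* DER tag, length and value of the Kerberos 5 mechanism OID 1.2.840.113554.1.2.2 */
static const uint8_t KRB5_MECH[] = {0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x12, 0x01, 0x02, 0x02};

/* Hypothetical, simplified decapsulate: 0x60 | len | OID | TOK_ID | inner.
 * Short-form lengths only. On failure *inner is NOT written, so a caller
 * that ignores the status would go on to parse whatever it held before. */
static int decapsulate(const uint8_t *tok, size_t n, const uint8_t want[2], struct span *inner)
{
    const size_t hdr = 2 + sizeof KRB5_MECH + 2;
    if (n < hdr || tok[0] != 0x60 || tok[1] >= 0x80 || (size_t)tok[1] != n - 2)
        return ST_DEFECTIVE_TOKEN;
    if (memcmp(tok + 2, KRB5_MECH, sizeof KRB5_MECH) != 0 ||
        memcmp(tok + 2 + sizeof KRB5_MECH, want, 2) != 0)
        return ST_DEFECTIVE_TOKEN;
    *inner = (struct span){tok + hdr, n - hdr};
    return ST_OK;
}

/* Checked caller: AP-REP first, then the KRB-ERROR fallback; anything else
 * (an echoed AP-REQ included) is rejected before an inner parser runs. */
static enum reply classify_reply(const uint8_t *tok, size_t n, struct span *inner)
{
    *inner = (struct span){NULL, 0};
    if (decapsulate(tok, n, TOK_AP_REP, inner) == ST_OK) return REPLY_AP_REP;
    if (decapsulate(tok, n, TOK_ERROR, inner) == ST_OK) return REPLY_KRB_ERROR;
    return REPLY_REJECTED;
}

/* Constructed sample token: framing, the given TOK_ID, three filler bytes. */
static size_t make_token(uint8_t out[18], const uint8_t id[2])
{
    const uint8_t body[3] = {0xAA, 0xBB, 0xCC};
    out[0] = 0x60;
    out[1] = (uint8_t)(sizeof KRB5_MECH + 2 + sizeof body);
    memcpy(out + 2, KRB5_MECH, sizeof KRB5_MECH);
    memcpy(out + 2 + sizeof KRB5_MECH, id, 2);
    memcpy(out + 4 + sizeof KRB5_MECH, body, sizeof body);
    return 4 + sizeof KRB5_MECH + sizeof body;
}
```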
Comment 1 Samba QA Contact 2024-04-24 01:00:05 UTC
This bug was referenced in samba master:

9b92cbacac11fb64cca2c4770cbdce789525b87a
Comment 2 Samba QA Contact 2024-07-09 10:54:12 UTC
This bug was referenced in samba v4-20-test:

c86e8742373cfa022419de40427dba45239d0ae4
Comment 3 Samba QA Contact 2024-08-02 12:14:05 UTC
This bug was referenced in samba v4-20-stable (Release samba-4.20.3):

c86e8742373cfa022419de40427dba45239d0ae4