]> granicus.if.org Git - curl/commitdiff
projects / curl / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9016958)
Curl_input_negotiate: do not delegate GSSAPI credentials
authorDaniel Stenberg <daniel@haxx.se>
Tue, 7 Jun 2011 22:10:26 +0000 (00:10 +0200)
committerDaniel Stenberg <daniel@haxx.se>
Wed, 22 Jun 2011 21:04:26 +0000 (23:04 +0200)
This is a security flaw. See curl advisory 20110623 for details.

Reported by: Richard Silverman

lib/http_negotiate.c patch | blob | history

diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c
index 202d69ecc72ac57b857f6af20092f1713efdc996..5127e64800dea92918fc561c2a6e069815dffce2 100644 (file)
--- a/lib/http_negotiate.c
+++ b/lib/http_negotiate.c
@@ -243,7 +243,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
                                       &neg_ctx->context,
                                       neg_ctx->server_name,
                                       GSS_C_NO_OID,
-                                      GSS_C_DELEG_FLAG,
+                                      0,
                                       0,
                                       GSS_C_NO_CHANNEL_BINDINGS,
                                       &input_token,
Unnamed repository; edit this file 'description' to name the repository.