The default bug view has changed. See this FAQ.

Negotiate auth may fail with GSSAPI

RESOLVED FIXED

Status

()

Core
Networking: HTTP
RESOLVED FIXED
7 years ago
7 years ago

People

(Reporter: glandium, Assigned: glandium)

Tracking

1.9.1 Branch
All
Linux
Points:
---

Firefox Tracking Flags

(status2.0 unaffected, status1.9.2 unaffected, status1.9.1 .16-fixed)

Details

(Whiteboard: fixed on trunk and 1.9.2 by 502607)

Attachments

(1 attachment)

(Assignee)

Description

7 years ago
Created attachment 471135 [details] [diff] [review]
Calculate token length after removing padding

In function nsHttpNegotiateAuth::GenerateCredentials, the token length that is given to nsIAuthModule::GetNextToken is calculated before any '=' padding is removed from the original challenge.

This can lead to passing extra bytes to gss_init_sec_context and causes negotiate auth to fail. I don't know if this has impact on other platforms than Linux.

Somehow, this was fixed in a supposedly unrelated patchset:
http://hg.mozilla.org/mozilla-central/rev/275225278550

But it still remains an issue on 3.5/1.9.1.
Attachment #471135 - Flags: review?(bzbarsky)
Comment on attachment 471135 [details] [diff] [review]
Calculate token length after removing padding

OK.
Attachment #471135 - Flags: review?(bzbarsky) → review+
(Assignee)

Updated

7 years ago
Attachment #471135 - Flags: approval1.9.1.13?

Updated

7 years ago
status1.9.2: --- → beta4-fixed
status1.9.2: beta4-fixed → ---
Depends on: 520607
Whiteboard: fixed on trunk and 1.9.2 by 502607
status1.9.2: --- → unaffected
status2.0: --- → unaffected
Comment on attachment 471135 [details] [diff] [review]
Calculate token length after removing padding

Approved for 1.9.2.11, a=dveditz for release-drivers
Attachment #471135 - Flags: approval1.9.1.14? → approval1.9.1.14+
Comment on attachment 471135 [details] [diff] [review]
Calculate token length after removing padding

missed 1.9.2.11 so we'll see if it lands for 1.9.2.12
Attachment #471135 - Flags: approval1.9.1.15+
Attachment #471135 - Flags: approval1.9.1.14-
Attachment #471135 - Flags: approval1.9.1.14+
glandium, are you going to land this, or should it be in the checkin-needed queue?
Assignee: nobody → mh+mozilla
Status: NEW → ASSIGNED
(Assignee)

Comment 5

7 years ago
When is 1.9.1 open for 1.9.1.15 stuff ?
(In reply to comment #5)
> When is 1.9.1 open for 1.9.1.15 stuff ?

Now. See http://tinderbox.mozilla.org/Firefox3.5/ for tree rules.
(Assignee)

Comment 7

7 years ago
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/a78a9ff14f26
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
status1.9.1: --- → .15-fixed
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.