Last Comment Bug 592692 - Negotiate auth may fail with GSSAPI
: Negotiate auth may fail with GSSAPI
Status: RESOLVED FIXED
fixed on trunk and 1.9.2 by 502607
:
Product: Core
Classification: Components
Component: Networking: HTTP (show other bugs)
: 1.9.1 Branch
: All Linux
: -- normal (vote)
: ---
Assigned To: Mike Hommey [:glandium]
:
Mentors:
Depends on: 520607
Blocks:
  Show dependency treegraph
 
Reported: 2010-09-01 08:58 PDT by Mike Hommey [:glandium]
Modified: 2010-10-05 01:44 PDT (History)
2 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
unaffected
unaffected
.16-fixed


Attachments
Calculate token length after removing padding (1.06 KB, patch)
2010-09-01 08:58 PDT, Mike Hommey [:glandium]
bzbarsky: review+
dveditz: approval1.9.1.14-
dveditz: approval1.9.1.16+
Details | Diff | Review

Description Mike Hommey [:glandium] 2010-09-01 08:58:37 PDT
Created attachment 471135 [details] [diff] [review]
Calculate token length after removing padding

In function nsHttpNegotiateAuth::GenerateCredentials, the token length that is given to nsIAuthModule::GetNextToken is calculated before any '=' padding is removed from the original challenge.

This can lead to passing extra bytes to gss_init_sec_context and causes negotiate auth to fail. I don't know if this has impact on other platforms than Linux.

Somehow, this was fixed in a supposedly unrelated patchset:
http://hg.mozilla.org/mozilla-central/rev/275225278550

But it still remains an issue on 3.5/1.9.1.
Comment 1 Boris Zbarsky [:bz] 2010-09-07 06:37:30 PDT
Comment on attachment 471135 [details] [diff] [review]
Calculate token length after removing padding

OK.
Comment 2 Daniel Veditz [:dveditz] 2010-09-27 16:37:12 PDT
Comment on attachment 471135 [details] [diff] [review]
Calculate token length after removing padding

Approved for 1.9.2.11, a=dveditz for release-drivers
Comment 3 Daniel Veditz [:dveditz] 2010-10-04 10:57:33 PDT
Comment on attachment 471135 [details] [diff] [review]
Calculate token length after removing padding

missed 1.9.2.11 so we'll see if it lands for 1.9.2.12
Comment 4 Reed Loden [:reed] (use needinfo?) 2010-10-04 11:09:46 PDT
glandium, are you going to land this, or should it be in the checkin-needed queue?
Comment 5 Mike Hommey [:glandium] 2010-10-04 23:32:25 PDT
When is 1.9.1 open for 1.9.1.15 stuff ?
Comment 6 Reed Loden [:reed] (use needinfo?) 2010-10-04 23:55:18 PDT
(In reply to comment #5)
> When is 1.9.1 open for 1.9.1.15 stuff ?

Now. See http://tinderbox.mozilla.org/Firefox3.5/ for tree rules.
Comment 7 Mike Hommey [:glandium] 2010-10-05 01:44:22 PDT
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/a78a9ff14f26

Note You need to log in before you can comment on or make changes to this bug.