Fixed issue #402: SASL GSSAPI mechanism acceptor wrongly returns zero…

… maxbufsize (patch from Sergio Gelato)
cyrusimap · Jul 13, 2017 · 6f8cc36 · 6f8cc36
1 parent 9bb0bb0
commit 6f8cc36
Showing 1 changed file with 13 additions and 14 deletions.
diff --git a/plugins/gssapi.c b/plugins/gssapi.c
@@ -1173,21 +1173,14 @@ gssapi_server_mech_ssfcap(context_t *text,
     }
 
     /* build up our security properties token */
-    if (text->requiressf != 0 &&
-	(text->qop & (LAYER_INTEGRITY|LAYER_CONFIDENTIALITY))) {
-	if (params->props.maxbufsize > 0xFFFFFF) {
-	    /* make sure maxbufsize isn't too large */
-	    /* maxbufsize = 0xFFFFFF */
-	    sasldata[1] = sasldata[2] = sasldata[3] = 0xFF;
-	} else {
-	    sasldata[1] = (params->props.maxbufsize >> 16) & 0xFF;
-	    sasldata[2] = (params->props.maxbufsize >> 8) & 0xFF;
-	    sasldata[3] = (params->props.maxbufsize >> 0) & 0xFF;
-	}
+    if (params->props.maxbufsize > 0xFFFFFF) {
+        /* make sure maxbufsize isn't too large */
+        /* maxbufsize = 0xFFFFFF */
+        sasldata[1] = sasldata[2] = sasldata[3] = 0xFF;
     } else {
-	/* From RFC 4752: "The client verifies that the server maximum buffer is 0
-	   if the server does not advertise support for any security layer." */
-	sasldata[1] = sasldata[2] = sasldata[3] = 0;
+        sasldata[1] = (params->props.maxbufsize >> 16) & 0xFF;
+        sasldata[2] = (params->props.maxbufsize >> 8) & 0xFF;
+        sasldata[3] = (params->props.maxbufsize >> 0) & 0xFF;
     }
 
     sasldata[0] = 0;
@@ -1218,6 +1211,12 @@ gssapi_server_mech_ssfcap(context_t *text,
 	sasldata[0] |= LAYER_CONFIDENTIALITY;
     }
 
+    if ((sasldata[0] & ~LAYER_NONE) == 0) {
+	/* From RFC 4752: "The client verifies that the server maximum buffer is 0
+	   if the server does not advertise support for any security layer." */
+	sasldata[1] = sasldata[2] = sasldata[3] = 0;
+    }
+
     /* Remember what we want and can offer */
     text->qop = sasldata[0];