auth/gensec: don't allow gensec_update[_ev] to be called on a subcontext

author Stefan Metzmacher <metze@samba.org>

Thu, 11 May 2017 12:22:27 +0000 (14:22 +0200)

committer Andreas Schneider <asn@cryptomilk.org>

Tue, 25 Jul 2017 11:51:12 +0000 (13:51 +0200)
author Stefan Metzmacher <metze@samba.org>
Thu, 11 May 2017 12:22:27 +0000 (14:22 +0200)
committer Andreas Schneider <asn@cryptomilk.org>
Tue, 25 Jul 2017 11:51:12 +0000 (13:51 +0200)
diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c

index 6a747ca3601c241dbc2ca5a8f63c6dddc022ad14..f3969b4129be2cfaebba441a77c415b7d6aff694 100644 (file)
--- a/auth/gensec/gensec.c
+++ b/auth/gensec/gensec.c
@@ -329,6 +329,13 @@ _PUBLIC_ NTSTATUS gensec_update_ev(struct gensec_security *gensec_security,
         struct tevent_req *subreq = NULL;
         bool ok;
  
+       if (gensec_security->subcontext) {
+               /*
+                * gensec modules are not allowed to call the sync version.
+                */
+               return NT_STATUS_INTERNAL_ERROR;
+       }
+
         frame = talloc_stackframe();
  
         if (ev == NULL) {
author	Stefan Metzmacher <metze@samba.org>
	Thu, 11 May 2017 12:22:27 +0000 (14:22 +0200)
committer	Andreas Schneider <asn@cryptomilk.org>
	Tue, 25 Jul 2017 11:51:12 +0000 (13:51 +0200)