auth/spnego: make sure we don't return OK without sub_sec_ready in gensec_spnego_clie...
authorStefan Metzmacher <metze@samba.org>
Mon, 17 Jul 2017 18:49:34 +0000 (20:49 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Tue, 25 Jul 2017 11:51:11 +0000 (13:51 +0200)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
auth/gensec/spnego.c

index 87a0791..22abad3 100644 (file)
@@ -844,6 +844,12 @@ static NTSTATUS gensec_spnego_client_negTokenTarg(struct gensec_security *gensec
        if (sub_out.length == 0 && mech_list_mic.length == 0) {
                *out = data_blob_null;
 
+               if (!spnego_state->sub_sec_ready) {
+                       /* somethings wrong here... */
+                       DBG_ERR("gensec_update not ready without output\n");
+                       return NT_STATUS_INTERNAL_ERROR;
+               }
+
                if (ta->negResult != SPNEGO_ACCEPT_COMPLETED) {
                        /* unless of course it did not accept */
                        DBG_WARNING("gensec_update ok but not accepted\n");
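Review bot: The comment `/* somethings wrong here... */` on the new `!spnego_state->sub_sec_ready` branch does not say which invariant the check enforces. This is a fail-closed guard in the authentication state machine, so a later maintainer should be able to see why it must not be relaxed. I would replace it with `/* sub-mechanism not finished and nothing left to send: fail closed instead of continuing towards NT_STATUS_OK */`; the "towards NT_STATUS_OK" part is inferred from the commit title, since the rest of gensec_spnego_client_negTokenTarg lies outside the hunk. For triage it would also help if the log line carried the server's answer, e.g. `DBG_ERR("gensec_update not ready without output (negResult=%d)\n", (int)ta->negResult);`.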