From 156b8287a7d68569d6a43240fd7ed6b7380193b5 Mon Sep 17 00:00:00 2001 From: Steve Holme Date: Sun, 3 Apr 2016 17:17:20 +0100 Subject: [PATCH] krb5_gssapi: Only process challenge when present This wouldn't cause a problem because of the way the function is called, but prior to this change, we were processing the challenge message when the credentials were NULL rather than when the challenge message was populated. This also brings this part of the Kerberos 5 code in line with the Negotiate code. --- lib/vauth/krb5_gssapi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/vauth/krb5_gssapi.c b/lib/vauth/krb5_gssapi.c index 888a279c6..0e0db5bc4 100644 --- a/lib/vauth/krb5_gssapi.c +++ b/lib/vauth/krb5_gssapi.c @@ -113,9 +113,9 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data, free(spn); } - if(krb5->context != GSS_C_NO_CONTEXT) { + if(chlg64 && strlen(chlg64)) { /* Decode the base-64 encoded challenge message */ - if(strlen(chlg64) && *chlg64 != '=') { + if(*chlg64 != '=') { result = Curl_base64_decode(chlg64, &chlg, &chlglen); if(result) return result;