diff options
author | Steve Holme <steve_holme@hotmail.com> | 2016-04-03 11:45:02 +0100 |
---|---|---|
committer | Steve Holme <steve_holme@hotmail.com> | 2016-04-03 11:45:02 +0100 |
commit | 61152e7d9433c868a39be2c9e79a21dae60c0f33 (patch) | |
tree | 2b0b6c81a5acacce0f4a2eb354773a058259558f /lib/vauth | |
parent | 228cd71c6f08d1d85f875284f6a72f796dec13c4 (diff) | |
download | curl-61152e7d9433c868a39be2c9e79a21dae60c0f33.tar.gz |
krb5_sspi: Only process challenge when present
This wouldn't cause a problem because of the way the function is called,
but prior to this change, we were processing the challenge message when
the credentials were NULL rather than when the challenge message was
populated.
This also brings this part of the Kerberos 5 code in line with the
Negotiate code.
Diffstat (limited to 'lib/vauth')
-rw-r--r-- | lib/vauth/krb5_sspi.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/vauth/krb5_sspi.c b/lib/vauth/krb5_sspi.c index 4ad5f3ac0..ee80daee0 100644 --- a/lib/vauth/krb5_sspi.c +++ b/lib/vauth/krb5_sspi.c @@ -150,9 +150,10 @@ CURLcode Curl_auth_create_gssapi_user_message(struct SessionHandle *data, memset(krb5->context, 0, sizeof(CtxtHandle)); } - else { + + if(chlg64 && strlen(chlg64)) { /* Decode the base-64 encoded challenge message */ - if(strlen(chlg64) && *chlg64 != '=') { + if(*chlg64 != '=') { result = Curl_base64_decode(chlg64, &chlg, &chlglen); if(result) return result; |