aniani/elinks
1
0
Fork 0
mirror of https://github.com/rkd77/elinks.git synced 2025-02-02 15:09:23 -05:00
Code

http_negotiate: do not delegate GSSAPI credentials

Browse Source 
CVE-2012-4545.  Reported by Marko Myllynen.
(cherry picked from elinks-0.12 commit da18694ff7dd0b67dfcb3c417fb0579b1e7d02d7)
This commit is contained in:
Kamil Dudka 2012-10-09 13:01:56 +02:00 committed by Kalle Olavi Niemitalo
parent 62818a39f9
commit 5e113362da
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/protocol/http/http_negotiate.c
View File

@ -188,7 +188,7 @@ http_negotiate_create_context(struct negotiate *neg)
&neg->context, &neg->context,
neg->server_name, neg->server_name,
GSS_C_NO_OID, GSS_C_NO_OID,
GSS_C_DELEG_FLAG, 0,
0, 0,
GSS_C_NO_CHANNEL_BINDINGS, GSS_C_NO_CHANNEL_BINDINGS,
&neg->input_token, &neg->input_token,