[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ASN1_* Errors Returned from GSSAPI Functions

To: heimdal-discuss@sics.se
Subject: ASN1_* Errors Returned from GSSAPI Functions
From: Michael B Allen <mba2000@ioplex.com>
Date: Tue, 11 Oct 2005 17:38:01 -0400
Sender: owner-heimdal-discuss@sics.se

In lib/gssapi/init_sec_context.c:spnego_reply, ASN1_* errors are being
returned as major status codes:

    ...
    } else  
        return GSS_S_BAD_MECH;

    ret = der_match_tag_and_length((const char *)indata.data,
                                   indata.length,
                                   ASN1_C_CONTEXT, CONS, 1, &len, &taglen);
    if (ret) { 
        return ret;

Shouldn't this be:

    if (ret)
        return GSS_S_CALL_BAD_STRUCTURE;

Would you accept a patch to change this behavior wherever I think it is
occuring or is knowing enough for you to fix them?

Or if it is OK to populate the minor_status perhaps we should put the
ASN1 error there:

    if (ret) {
        *minor_status = ret;
        return GSS_S_CALL_BAD_STRUCTURE;
    }

Thanks,
Mike

Follow-Ups:
- Re: ASN1_* Errors Returned from GSSAPI Functions
  - From: Love Hörnquist Åstrand <lha@kth.se>

Prev by Date: Re: Cross Realm HELP
Next by Date: Re: restarting ipropd-master
Prev by thread: Re: Cross Realm HELP
Next by thread: Re: ASN1_* Errors Returned from GSSAPI Functions
Index(es):
- Date
- Thread