Commit 2d6a61bd82624ec556a8bbacdc11516986f2dc4c

Edward Thomson 2019-10-22T09:52:31

gssapi: validate that we were requested Negotiate

diff --git a/src/transports/auth_negotiate.c b/src/transports/auth_negotiate.c
index 16af4fe..8fa44cd 100644
--- a/src/transports/auth_negotiate.c
+++ b/src/transports/auth_negotiate.c
@@ -128,11 +128,13 @@ static int negotiate_next_token(
 
 	challenge_len = ctx->challenge ? strlen(ctx->challenge) : 0;
 
-	if (challenge_len < 9) {
-		git_error_set(GIT_ERROR_NET, "no negotiate challenge sent from server");
+	if (challenge_len < 9 || memcmp(ctx->challenge, "Negotiate", 9) != 0) {
+		git_error_set(GIT_ERROR_NET, "server did not request negotiate");
 		error = -1;
 		goto done;
-	} else if (challenge_len > 9) {
+	}
+
+	if (challenge_len > 9) {
 		if (git_buf_decode_base64(&input_buf,
 				ctx->challenge + 10, challenge_len - 10) < 0) {
 			git_error_set(GIT_ERROR_NET, "invalid negotiate challenge from server");
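Review bot: The new prefix test `memcmp(ctx->challenge, "Negotiate", 9) != 0` never looks at the byte at index 9, so a server-supplied challenge whose scheme merely starts with those nine characters is accepted, and the decode below reads from `ctx->challenge + 10` whatever the separator was. I would fold the separator into the rejection, e.g. `if (challenge_len < 9 || memcmp(ctx->challenge, "Negotiate", 9) != 0 || (challenge_len > 9 && ctx->challenge[9] != ' ')) {`. The comparison is also case-sensitive, while HTTP auth scheme names are case-insensitive; unless the caller already normalises the header (not visible here), a compliant server sending a different casing would be refused. A short comment above the check, such as `/* challenge is "Negotiate" optionally followed by SP and a base64 token */`, would explain the literal 9 and 10 offsets. The body of negotiate_next_token starts and ends outside this hunk, so the remaining handling of `input_buf` cannot be checked from here.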