source: trunk/server/common/patches/curl-gssapi-delegation.patch @ 1962
Last change on this file since 1962 was 1922, checked in by geofft, 14 years ago

File size: 1.0 KB

        lib/http_negotiate.cFrom a4be0864ba953b3317ece66bf8c2332ea74a4715 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg <daniel@haxx.se> Date: Wed, 8 Jun 2011 00:10:26 +0200 Subject: [PATCH] Curl_input_negotiate: do not delegate credentials This is a security flaw. See curl advisory 201106xx for details. Reported by: Richard Silverman --- lib/http_negotiate.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c index 202d69e..5127e64 100644 a b int Curl_input_negotiate(struct connectdata *conn, bool proxy, 243 243 &neg_ctx->context, 244 244 neg_ctx->server_name, 245 245 GSS_C_NO_OID, 246 GSS_C_DELEG_FLAG,246 0, 247 247 0, 248 248 GSS_C_NO_CHANNEL_BINDINGS, 249 249 &input_token, 
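
Review bot: At line 246 of lib/http_negotiate.c the replacement is a bare `0` sitting directly above another bare `0` at line 247, so nothing in the call to be seen in Curl_input_negotiate says which of the two is the flags argument or that delegation is switched off on purpose. A short comment on that line, along the lines of "no request flags: never delegate credentials to the server", would make it harder for a later edit to put GSS_C_DELEG_FLAG back by accident. The commit message also refers to "curl advisory 201106xx", which looks like a placeholder; the final advisory identifier should be filled in while this is carried as a local patch. Because the flag is dropped unconditionally, anything that relied on credentials being forwarded through this path loses that behaviour with no opt-in, and the patch description should say so.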
