This bug points out a deficiency in the GSS code previously added to the kernel:

https://bugzilla.redhat.com/show_bug.cgi?id=796992

The spec (RFC 4121 section 4.2.5) says, "The receiver MUST be able to interpret all possible rotation count values, including rotation counts greater than the length of the token."

Note that an implementation is never required to send rotated data. However, it is required to be able to handle receiving rotated data. Windows is the only implementation that I am aware of that currently sends tokens with rotated data.

Attached is a patch (with way too much debugging) to handle the rotated data we have seen from Microsoft clients. Admittedly, it does not handle all cases, which is required to be fully compliant with the spec. I will not have the time to devote to making it fully compliant. I submit this patch as an RFC and for someone else to complete! Also note that I may have over-complicated things!!

I apologize for the attachment rather than putting it inline.

K.C.
Attachment:
gss-wrap-rotate.patch
Description: Binary data
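
The receiver-side requirement quoted from RFC 4121 section 4.2.5, as an added userspace C example that is not part of the original message or the attached patch: it undoes the right rotation of a Wrap token body for any RRC value, including counts larger than the body. It assumes a flat contiguous buffer (the kernel works on an xdr_buf instead), the function names are hypothetical, the sample token is constructed, and no decryption or checksum verification is done.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GSS_HDR_LEN 16 /* RFC 4121 Wrap header: TOK_ID, Flags, Filler, EC, RRC, SND_SEQ */

static void reverse_bytes(uint8_t *p, size_t n)
{
    if (n < 2)
        return;
    for (size_t i = 0, j = n - 1; i < j; i++, j--) {
        uint8_t t = p[i]; p[i] = p[j]; p[j] = t;
    }
}

/* Undo the sender's right rotation in place. Returns 0 on success, -1 on a bad token. */
int wrap_unrotate(uint8_t *tok, size_t len)
{
    if (len < GSS_HDR_LEN || tok[0] != 0x05 || tok[1] != 0x04)
        return -1;                      /* too short, or not a Wrap token */
    size_t body_len = len - GSS_HDR_LEN;
    if (body_len == 0)
        return 0;                       /* nothing to rotate; avoids modulo by zero */
    uint16_t rrc = (uint16_t)((tok[6] << 8) | tok[7]);  /* big-endian, octets 6..7 */
    size_t shift = rrc % body_len;      /* counts beyond the body length wrap around */
    uint8_t *body = tok + GSS_HDR_LEN;
    reverse_bytes(body, shift);         /* left rotation by three reversals */
    reverse_bytes(body + shift, body_len - shift);
    reverse_bytes(body, body_len);
    return 0;
}

/* Builds a constructed token around `rotated` (max 32 bytes) and un-rotates it. */
int demo_unrotate(uint16_t rrc, const char *rotated, char *out, size_t outsz)
{
    uint8_t tok[GSS_HDR_LEN + 32] = { 0x05, 0x04, 0x00, 0xff };
    size_t n = strlen(rotated);
    if (n > 32 || n + 1 > outsz)
        return -1;
    tok[6] = (uint8_t)(rrc >> 8);
    tok[7] = (uint8_t)(rrc & 0xff);
    memcpy(tok + GSS_HDR_LEN, rotated, n);
    if (wrap_unrotate(tok, GSS_HDR_LEN + n) != 0)
        return -1;
    memcpy(out, tok + GSS_HDR_LEN, n);
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char out[40];
    if (demo_unrotate(11, "FGHABCDE", out, sizeof out) == 0)
        printf("RRC 11 on an 8-byte body -> %s\n", out);
    return 0;
}
```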