From acab4b59b0d14befc5a74ec2600853704c66bc5e Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Fri, 18 Mar 2011 16:56:16 +1100
Subject: [PATCH] enforce empty host portion of name for initiators
---
 mech_eap/init_sec_context.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/mech_eap/init_sec_context.c b/mech_eap/init_sec_context.c
index 0bab5ed..04624f0 100644
--- a/mech_eap/init_sec_context.c
+++ b/mech_eap/init_sec_context.c
@@ -224,7 +224,11 @@ peerConfigInit(OM_uint32 *minor,
 assert(cred->name != GSS_C_NO_NAME);
- if ((cred->name->flags & (NAME_FLAG_NAI | NAME_FLAG_SERVICE)) == 0) {
+ /*
+ * draft-ietf-abfab-gss-eap-01: the host portion is empty
+ * for initiators.
+ */
+ if ((cred->name->flags & NAME_FLAG_NAI) == 0) {
 *minor = GSSEAP_BAD_INITIATOR_NAME;
 return GSS_S_BAD_NAME;
 }
--
2.1.4
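Review bot: The new test `(cred->name->flags & NAME_FLAG_NAI) == 0` only requires that the NAI flag is set; on its own it does not reject a name that also carries NAME_FLAG_SERVICE or a non-empty host component, which is what the commit subject and the added comment say is being enforced. If the name parser can set both flags on one name (not visible in this hunk), the stricter form `if ((cred->name->flags & (NAME_FLAG_NAI | NAME_FLAG_SERVICE)) != NAME_FLAG_NAI) {` would match the stated intent. The dereference of `cred->name` is guarded only by the `assert` above it, which is compiled out under NDEBUG, so a runtime check returning GSS_S_BAD_NAME may be worth adding if a caller can reach this point without a name. peerConfigInit's body starts and ends outside the hunk.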