Squash internal errors to no minor

Previously, we would send no error token in the case where the minor
status is not a wire error.  Instead, turn this into a 0 minor status.

Permit 0 minor status to be received.

diff --git a/mech_eap/gssapiP_eap.h b/mech_eap/gssapiP_eap.h
index 0a81cd8..4dc0f34 100644 (file)
--- a/mech_eap/gssapiP_eap.h
+++ b/mech_eap/gssapiP_eap.h
@@ -337,7 +337,7 @@ gssEapDisplayStatus(OM_uint32 *minor,
                     OM_uint32 status_value,
                     gss_buffer_t status_string);
 
-#define IS_WIRE_ERROR(err)              ((err) > GSSEAP_RESERVED && \
+#define IS_WIRE_ERROR(err)              ((err) >= GSSEAP_RESERVED && \
                                          (err) <= GSSEAP_RADIUS_PROT_FAILURE)
 
 #ifdef GSSEAP_ENABLE_ACCEPTOR

diff --git a/mech_eap/init_sec_context.c b/mech_eap/init_sec_context.c
index 2ede1c5..fdadbbb 100644 (file)
--- a/mech_eap/init_sec_context.c
+++ b/mech_eap/init_sec_context.c
@@ -630,7 +630,10 @@ eapGssSmInitError(OM_uint32 *minor,
     p = (unsigned char *)inputToken->value;
 
     major = load_uint32_be(&p[0]);
-    *minor = ERROR_TABLE_BASE_eapg + load_uint32_be(&p[4]);
+    *minor =  load_uint32_be(&p[4]);
+    if ((*minor >0) && (*minor < 128))
+      * minor += ERROR_TABLE_BASE_eapg;
+    else *minor = 0;
 
     if (!GSS_ERROR(major) || !IS_WIRE_ERROR(*minor)) {
         major = GSS_S_FAILURE;

diff --git a/mech_eap/util_sm.c b/mech_eap/util_sm.c
index 56248d8..a286bba 100644 (file)
--- a/mech_eap/util_sm.c
+++ b/mech_eap/util_sm.c
@@ -115,10 +115,11 @@ makeErrorToken(OM_uint32 *minor,
         minorStatus = GSSEAP_RADIUS_PROT_FAILURE;
     } else if (!IS_WIRE_ERROR(minorStatus)) {
         /* Don't return non-wire error codes */
-        return GSS_S_COMPLETE;
+      minorStatus = 0;
     }
 
-    minorStatus -= ERROR_TABLE_BASE_eapg;
+    if (minorStatus != 0)
+      minorStatus -= ERROR_TABLE_BASE_eapg;
 
     store_uint32_be(majorStatus, &errorData[0]);
     store_uint32_be(minorStatus, &errorData[4]);