From c27219caa2d75baf854b1535eb222d679fbe4fcd Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Wed, 24 Jun 2015 16:10:58 -0400
Subject: [PATCH] Properly check return error when filtering mechs

We need to fail only if the input was an actual set and instead we
get back GSS_C_NO_OID_SET. In all other cases we are fine.

Signed-off-by: Simo Sorce <simo@redhat.com>
---
 src/mod_auth_gssapi.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/mod_auth_gssapi.c b/src/mod_auth_gssapi.c
index 87a1051..d673912 100644
--- a/src/mod_auth_gssapi.c
+++ b/src/mod_auth_gssapi.c
@@ -349,6 +349,8 @@ gss_OID_set mag_filter_unwanted_mechs(gss_OID_set src)
     uint32_t maj, min;
     int present = 0;
 
+    if (src == GSS_C_NO_OID_SET) return GSS_C_NO_OID_SET;
+
     for (int i = 0; unwanted_mechs[i] != GSS_C_NO_OID; i++) {
         maj = gss_test_oid_set_member(&min,
                                       discard_const(unwanted_mechs[i]),
@@ -459,7 +461,8 @@ static bool mag_auth_basic(request_rec *req,
      * multiple times uselessly.
      */
     filtered_mechs = mag_filter_unwanted_mechs(allowed_mechs);
-    if (filtered_mechs == GSS_C_NO_OID_SET) {
+    if ((allowed_mechs != GSS_C_NO_OID_SET) &&
+        (filtered_mechs == GSS_C_NO_OID_SET)) {
         ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, req, "Fatal "
                       "failure while filtering mechs, aborting");
         goto done;
-- 
2.1.4