From 25eb34dd3e7fedb400d3e5b99920936db6711b1e Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 17 Oct 2025 16:54:57 +0200 Subject: [PATCH] KNOWN_BUGS: SOCKS-SSPI discards the security context Also make the verbose log say it Pointed out by ZeroPath Closes #19103 --- docs/KNOWN_BUGS | 10 ++++++++++ lib/socks_sspi.c | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS index d4e4423094..15ca40102a 100644 --- a/docs/KNOWN_BUGS +++ b/docs/KNOWN_BUGS @@ -67,6 +67,7 @@ problems may have been fixed or changed somewhat since this was written. 10. Connection 10.1 --interface with link-scoped IPv6 address 10.2 Does not acknowledge getaddrinfo sorting policy + 10.3 SOCKS-SSPI discards the security context 11. Internals 11.1 gssapi library name + version is missing in curl_version_info() @@ -444,6 +445,15 @@ problems may have been fixed or changed somewhat since this was written. https://github.com/curl/curl/issues/16718 + +10.3 SOCKS-SSPI discards the security context + + After a successful SSPI/GSS-API exchange, the function queries and logs the + authenticated username and reports the supported data-protection level, but + then immediately deletes the negotiated SSPI security context and frees the + credentials before returning. The negotiated context is not stored on the + connection and is therefore never used to protect later SOCKS5 traffic. + 11. Internals 11.1 gssapi library name + version is missing in curl_version_info() diff --git a/lib/socks_sspi.c b/lib/socks_sspi.c index 1077019b11..d4837708a7 100644 --- a/lib/socks_sspi.c +++ b/lib/socks_sspi.c @@ -562,7 +562,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf, } (void)curlx_nonblock(sock, TRUE); - infof(data, "SOCKS5 access with%s protection granted.", + infof(data, "SOCKS5 access with%s protection granted BUT NOT USED.", (socksreq[0] == 0) ? "out GSS-API data": ((socksreq[0] == 1) ? " GSS-API integrity" : " GSS-API confidentiality"));