romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-14 21:41:41 +03:00
Code Issues Projects Releases Packages Wiki Activity

socks_gssapi: remove the forced "no protection"

Browse source 
If a protected connection is requested, don't claim to drop down to "no
protection".

Reported in Joshua's sarif data

Closes #18712
This commit is contained in:
Daniel Stenberg 2025-09-21 23:34:37 +02:00
parent aaa39873ea
commit 98dae1d992
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
1 changed files with 1 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
lib/socks_gssapi.c
View file

@ -359,8 +359,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(struct Curl_cfilter *cf,
infof(data, "SOCKS5 server supports GSS-API %s data protection.",
(gss_enc == 0) ? "no" :
((gss_enc == 1) ? "integrity" : "confidentiality"));
/* force for the moment to no data protection */
gss_enc = 0;
/*
* Sending the encryption type in clear seems wrong. It should be
* protected with gss_seal()/gss_wrap(). See RFC1961 extract below