Check GSS_C_REPLAY_FLAG in client-side ret_flags validation

RFC 3645 Section 3.1.1 mandates that the client MUST abandon the algorithm if replay_det_state is FALSE after GSS_Init_sec_context completes. The previous commit checked MUTUAL and INTEG but missed REPLAY, even though it was already requested in the input flags. Add GSS_C_REPLAY_FLAG to the ret_flags bitmask check so all three required properties (replay detection, mutual authentication, and integrity) are verified. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-05-28 04:34:54 -04:00 · 2026-04-07 15:58:31 +02:00 · 2026-04-07 15:58:31 +02:00 · 2b0f5aeb81
commit 2b0f5aeb81
parent 45c93af5c0
1 changed files with 9 additions and 7 deletions
--- a/lib/dns/gssapictx.c
+++ b/lib/dns/gssapictx.c
@ -356,17 +356,19 @@ dst_gssapi_initctx(const dns_name_t *name, isc_buffer_t *intoken,
 	}

 	/*
-	 * RFC 3645 Section 3.1.1: verify that mutual authentication
-	 * and integrity are supported.  If either is missing, the
-	 * security context does not meet the protocol requirements.
+	 * RFC 3645 Section 3.1.1: verify that replay detection, mutual
+	 * authentication and integrity are supported.  The RFC mandates
+	 * checking replay_det_state and mutual_state; integ_avail is
+	 * also verified because GSS-TSIG cannot function without it.
 	 */
 	if (gret == GSS_S_COMPLETE &&
-	    (ret_flags & (GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG)) !=
-		    (GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG))
+	    (ret_flags &
+	     (GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG)) !=
+		    (GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG))
 	{
 		gss_log(3,
-			"GSS-API context lacks required MUTUAL or "
-			"INTEG flags (ret_flags=0x%x)",
+			"GSS-API context lacks required REPLAY, MUTUAL, "
+			"or INTEG flags (ret_flags=0x%x)",
 			(unsigned int)ret_flags);
 		CLEANUP(ISC_R_FAILURE);
 	}