From 2b0f5aeb8148fd70ea881798b82f2774c57e8901 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?=
Date: Tue, 7 Apr 2026 15:58:31 +0200
Subject: [PATCH] Check GSS_C_REPLAY_FLAG in client-side ret_flags validation

RFC 3645 Section 3.1.1 mandates that the client MUST abandon the algorithm if replay_det_state is FALSE after GSS_Init_sec_context completes. The previous commit checked MUTUAL and INTEG but missed REPLAY, even though it was already requested in the input flags. Add GSS_C_REPLAY_FLAG to the ret_flags bitmask check so all three required properties (replay detection, mutual authentication, and integrity) are verified.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 lib/dns/gssapictx.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/lib/dns/gssapictx.c b/lib/dns/gssapictx.c
index 8f4c1c56c9..9e025b1a3b 100644
--- a/lib/dns/gssapictx.c
+++ b/lib/dns/gssapictx.c
@@ -356,17 +356,19 @@ dst_gssapi_initctx(const dns_name_t *name, isc_buffer_t *intoken,
 }
 
 /*
- * RFC 3645 Section 3.1.1: verify that mutual authentication
- * and integrity are supported. If either is missing, the
- * security context does not meet the protocol requirements.
+ * RFC 3645 Section 3.1.1: verify that replay detection, mutual
+ * authentication and integrity are supported. The RFC mandates
+ * checking replay_det_state and mutual_state; integ_avail is
+ * also verified because GSS-TSIG cannot function without it.
 */
 if (gret == GSS_S_COMPLETE &&
- (ret_flags & (GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG)) !=
- (GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG))
+ (ret_flags &
+ (GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG)) !=
+ (GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG))
 {
 gss_log(3,
- "GSS-API context lacks required MUTUAL or "
- "INTEG flags (ret_flags=0x%x)",
+ "GSS-API context lacks required REPLAY, MUTUAL, "
+ "or INTEG flags (ret_flags=0x%x)",
 (unsigned int)ret_flags);
 CLEANUP(ISC_R_FAILURE);
 }
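Review bot: The required-flags mask in the new `if` is written out twice, and the commit message says the earlier version had already drifted from the flags requested on input, so I would name it once: `const OM_uint32 required = GSS_C_REPLAY_FLAG | GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG;` and test `(ret_flags & required) != required` (the type is presumably `OM_uint32`; the declaration of ret_flags is outside the hunk). Ideally the same constant also feeds the request flags passed to the init call, which is not visible here, so the requested and verified sets cannot diverge again. Separately, `CLEANUP(ISC_R_FAILURE)` is reached only after the context has reported GSS_S_COMPLETE, and the cleanup label is outside the hunk, so it is worth confirming that the established context is deleted, or at least never used by the caller, once this check fails. The rejection goes through `gss_log(3, ...)`, which looks like a debug level; if so, an operator would not see why negotiation was refused at default logging.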