upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
bind9/bin/tests/system/tkeyleak
History
Ondřej Surý f14fac5a33
Add regression test for GSS-API context leak via TKEY CONTINUE 
Send crafted SPNEGO NegTokenInit tokens that propose the krb5
mechanism without a mechToken.  This causes gss_accept_sec_context()
to return GSS_S_CONTINUE_NEEDED, which on unfixed code leaks the
GSS context handle (~520 bytes per query).

The test verifies that the server rejects the negotiation (TKEY
error != 0, no continuation token) rather than returning a CONTINUE
response (error=0 with output token).
2026-05-07 13:32:15 +02:00
..
ns1 Add regression test for GSS-API context leak via TKEY CONTINUE 2026-05-07 13:32:15 +02:00
prereq.sh Add regression test for GSS-API context leak via TKEY CONTINUE 2026-05-07 13:32:15 +02:00
setup.sh Add regression test for GSS-API context leak via TKEY CONTINUE 2026-05-07 13:32:15 +02:00
tests_tkeyleak.py Add regression test for GSS-API context leak via TKEY CONTINUE 2026-05-07 13:32:15 +02:00