Found 2 records.

Status: Verified (2)

RFC5801, "Using Generic Security Service Application Program Interface (GSS-API) Mechanisms in Simple Authentication and Security Layer (SASL): The GS2 Mechanism Family", July 2010

Source of RFC: sasl (sec)

Errata ID: 2768

Status: Verified
Type: Technical

Reported By: Simon Josefsson
Date Reported: 2011-04-06
Verifier Name: Sean Turner
Date Verified: 2011-05-12

Section 10.1 and 11. says:

Section 10.1:
        const gss_OID  desired_mech,

Section 11.1:
       const gss_buffer_t   sasl_mech_name,

It should say:

Section 10.1:
        gss_const_OID  desired_mech,

Section 11.1:
       gss_const_buffer_t   sasl_mech_name,

Add to section 2:
   The normative reference to [RFC5587] is for
   the C types "gss_const_buffer_t" and "gss_const_OID", nothing else
   from that document is required to implement this document.

Add new normative reference:
   [RFC5587]  Williams, N., "Extended Generic Security Service Mechanism
              Inquiry APIs", RFC 5587, July 2009.

Notes:

There is a bug in the C interfaces for these functions. RFC 5587 section 3.4.6 explains the problem and specifies new types to use instead. This errata makes RFC 5801 use the corrected types.

As far as I understand, there are no technical/implementation implications caused by this change -- it merely helps the compiler check implementations better and (in some cases) it can avoid compiler warnings on application code.

A similar issue was recently discussed in the Kitten WG list.


Errata ID: 2825

Status: Verified
Type: Technical

Reported By: Thomas Maslen
Date Reported: 2011-06-07
Verifier Name: Stephen Farrell
Date Verified: 2013-03-16

Section 5.1 says:

The initiator-address-type and acceptor-address-type fields of the GSS-CHANNEL-BINDINGS structure MUST be set to 0.

It should say:

The initiator-address-type and acceptor-address-type fields of the GSS-CHANNEL-BINDINGS structure MUST be set to 255 (GSS_C_AF_NULLADDR).

Notes:

See RFC 2744, section 3.11, last paragraph: "[...] or omit addressing information, specifying GSS_C_AF_NULLADDR as the address-types".

Appendix A of RFC 2744 specifies that the value of GSS_C_AF_NULLADDR is 255.
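
The pitfall behind this erratum, as an added example (not code from RFC 5801 or from the errata report): a zero-initialised bindings structure carries address type 0, which RFC 2744 Appendix A defines as GSS_C_AF_UNSPEC, not the required GSS_C_AF_NULLADDR. The declarations are local stand-ins for the RFC 2744 C bindings, and `gs2_set_bindings`, `gs2_addrtypes_ok` and `gs2_demo` are hypothetical helper names.

```c
/* Added example. Stand-in declarations mirroring RFC 2744 Appendix A so the
 * file builds without a GSS-API library; real code uses the library header. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

typedef uint32_t OM_uint32;
typedef struct { size_t length; void *value; } gss_buffer_desc;

struct gss_channel_bindings_struct {
    OM_uint32       initiator_addrtype;
    gss_buffer_desc initiator_address;
    OM_uint32       acceptor_addrtype;
    gss_buffer_desc acceptor_address;
    gss_buffer_desc application_data;
};

#define GSS_C_AF_UNSPEC   0    /* what a zeroed structure ends up with */
#define GSS_C_AF_NULLADDR 255  /* value required by the corrected Section 5.1 */

/* Hypothetical helper: fill bindings for GS2, omitting address information. */
static void gs2_set_bindings(struct gss_channel_bindings_struct *cb,
                             void *app_data, size_t app_len)
{
    memset(cb, 0, sizeof *cb);          /* address buffers: length 0, NULL */
    cb->initiator_addrtype = GSS_C_AF_NULLADDR;
    cb->acceptor_addrtype  = GSS_C_AF_NULLADDR;
    cb->application_data.length = app_len;
    cb->application_data.value  = app_data;
}

/* Hypothetical check: 1 if both address types match the corrected text. */
static int gs2_addrtypes_ok(const struct gss_channel_bindings_struct *cb)
{
    return cb->initiator_addrtype == GSS_C_AF_NULLADDR &&
           cb->acceptor_addrtype  == GSS_C_AF_NULLADDR;
}

/* Returns 1 when a merely zeroed structure (the original "0" wording) is
 * rejected and a structure built by gs2_set_bindings() is accepted. */
static int gs2_demo(void)
{
    static char app[] = "constructed-sample-data";  /* constructed input */
    struct gss_channel_bindings_struct zeroed, fixed;
    memset(&zeroed, 0, sizeof zeroed);
    gs2_set_bindings(&fixed, app, sizeof app - 1);
    return !gs2_addrtypes_ok(&zeroed) && gs2_addrtypes_ok(&fixed);
}

int main(void) { return gs2_demo() ? 0 : 1; }
```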

