gssapi / gss-ntlmssp

A complete implementation of the MS-NLMP documents as a GSSAPI mechanism
ISC License

Segfault for ntlm_seal when no confidentiality or integrity is negotiated #16

Closed jborean93 closed 4 years ago

jborean93 commented 4 years ago

If trying to wrap data when neither the sign nor the seal negotiate flags were negotiated, then gss_wrap will segfault. The same scenario through SSPI has the EncryptMessage function return SEC_E_UNSUPPORTED_FUNCTION, and I would expect a similar result here and not a fatal error.

To reproduce, run the following:

import gssapi
import os
import tempfile

# OID of the NTLMSSP GSSAPI mechanism
ntlm = gssapi.OID.from_int_seq('1.3.6.1.4.1.311.2.2.10')

with tempfile.NamedTemporaryFile() as temp_fd:
    # gss-ntlmssp reads initiator credentials from NTLM_USER_FILE
    with open(temp_fd.name, mode='wb') as fd:
        fd.write(b"DOMAIN:USER:PASS")

    os.environ['NTLM_USER_FILE'] = temp_fd.name

    c_cred = gssapi.Credentials(name=gssapi.Name(base='DOMAIN\\USER', name_type=gssapi.NameType.user), usage='initiate', mechs=[ntlm])
    s_cred = gssapi.Credentials(usage='accept', mechs=[ntlm])

    spn = gssapi.Name(base='http@test', name_type=gssapi.NameType.hostbased_service)
    # Only mutual authentication is requested: no integrity or confidentiality flags
    c = gssapi.SecurityContext(creds=c_cred, usage='initiate', name=spn, mech=ntlm, flags=gssapi.RequirementFlag.mutual_authentication)
    s = gssapi.SecurityContext(creds=s_cred, usage='accept')

    # NEGOTIATE -> CHALLENGE -> AUTHENTICATE, completing the context on both sides
    c.step(s.step(c.step()))

    # Wrapping with confidentiality requested segfaults instead of returning an error
    c.wrap(b"data", True)

When stepping through the code, the segfault seems to happen in https://github.com/gssapi/gss-ntlmssp/blob/a14a99672c81fe2d0eebb71edd86055ad190e417/src/ntlm_crypto.c#L870, as the seal_handle has not been generated due to sign/seal not being set.

Sorry for the massive influx of questions/problems here, just trying to report what I can see when doing tests.
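The failure mode described in this issue (a wrap attempted on a context where neither SIGN nor SEAL was negotiated, so the seal state was never created) and the guard that turns it into an error return, as an added illustration that is not gss-ntlmssp's code. The flag values are the real MS-NLMP NEGOTIATE bits; the `demo_*` names, the status enum and the XOR placeholder cipher are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* NEGOTIATE flag bits as defined in MS-NLMP section 2.2.2.5 */
#define NTLMSSP_NEGOTIATE_SIGN 0x00000010u
#define NTLMSSP_NEGOTIATE_SEAL 0x00000020u

/* Hypothetical status codes standing in for GSS major status values */
enum demo_status { DEMO_OK = 0, DEMO_UNAVAILABLE = 1, DEMO_BAD_ARGS = 2 };

/* Hypothetical per-context state; seal_handle stays NULL until keys exist */
struct demo_ctx {
    uint32_t neg_flags;   /* flags agreed during the NTLM exchange */
    uint8_t  seal_key[16];
    uint8_t *seal_handle; /* NULL when no sign/seal state was derived */
};

/* Derive seal state only when SIGN or SEAL was actually negotiated */
void demo_ctx_init(struct demo_ctx *ctx, uint32_t neg_flags) {
    memset(ctx, 0, sizeof *ctx);
    ctx->neg_flags = neg_flags;
    if (neg_flags & (NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL)) {
        memset(ctx->seal_key, 0x42, sizeof ctx->seal_key); /* constructed key */
        ctx->seal_handle = ctx->seal_key;
    }
}

/* Guarded wrap: check negotiated flags and the handle before using it, and
 * return an error (the analogue of SSPI's SEC_E_UNSUPPORTED_FUNCTION) rather
 * than dereferencing a NULL seal_handle. XOR stands in for the real cipher. */
enum demo_status demo_wrap(struct demo_ctx *ctx, int conf_req,
                           const uint8_t *in, uint8_t *out, size_t len) {
    if (ctx == NULL || in == NULL || out == NULL) return DEMO_BAD_ARGS;
    int can_sign = (ctx->neg_flags &
                    (NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL)) != 0;
    int can_seal = (ctx->neg_flags & NTLMSSP_NEGOTIATE_SEAL) != 0;
    if ((conf_req && !can_seal) || (!conf_req && !can_sign) ||
        ctx->seal_handle == NULL)
        return DEMO_UNAVAILABLE;
    for (size_t i = 0; i < len; i++)
        out[i] = conf_req ? (uint8_t)(in[i] ^ ctx->seal_handle[i % 16]) : in[i];
    return DEMO_OK;
}
```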