Potential bug in (kernel mode) InitializeSecurityContext (SSPI)

I believe I have determined that the kernel-mode SSPI API
InitializeSecurityContext() is not clearing the internal sequence number
field. This causes VerifySignature() to erroneously return
SEC_E_OUT_OF_SEQUENCE on a valid (in sequence) call. I have a user-mode
test application that uses essentially the same code (aside from changes to
the parameter types specific to the kernel-mode interface) and it behaves
correctly.

I have determined that the user-mode InitializeSecurityContext() zeroes the
sequence number field on the first call (as expected) by examining the
internal data structure associated with the context.

I initially thought it may be an issue of the context requirements flags
(ISC_REQ_xxx) being set incorrectly for the call to
InitializeSecurityContext(), but using all workable combinations yielded the
same result.

The operating system is retail Windows 2000 Professional (with and without
SP1).
The security package being utilized is Kerberos.

Any assistance is greatly appreciated.

Mike.


Mike Frisch
Software Engineer, Connectivity
Hummingbird Ltd. (www.hummingbird.com)
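
An added illustration, not part of the original post and not the Kerberos package's own code: a simplified model of a per-context sequence counter, showing how a valid first signature is rejected with SEC_E_OUT_OF_SEQUENCE when the verifying context's counter is never zeroed. The struct layout, the `model_*` names, the toy checksum, and the 0xA5 fill pattern are assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>

/* Numeric values match winerror.h. */
typedef uint32_t sec_status;
#define SEC_E_OK              0x00000000u
#define SEC_E_MESSAGE_ALTERED 0x8009030Fu
#define SEC_E_OUT_OF_SEQUENCE 0x80090310u

/* Hypothetical per-context state; not the real package's internal layout. */
typedef struct { uint32_t send_seq, recv_seq, key; } model_ctx;
typedef struct { uint32_t seq, mac; } model_sig;

/* Toy keyed checksum standing in for the real integrity algorithm. */
static uint32_t toy_mac(uint32_t key, uint32_t seq, const char *msg) {
    uint32_t h = key ^ (seq * 2654435761u);
    while (*msg) h = (h ^ (uint8_t)*msg++) * 16777619u;
    return h;
}

/* zero_seq = 1: counters cleared on the first call (the user-mode behaviour
   the post reports). zero_seq = 0: counters keep whatever was in memory. */
void model_init(model_ctx *c, uint32_t key, int zero_seq) {
    c->key = key;
    if (zero_seq) c->send_seq = c->recv_seq = 0;
}

/* Stamp the sender's current sequence number into the signature. */
model_sig model_make_signature(model_ctx *c, const char *msg) {
    model_sig s = { c->send_seq, toy_mac(c->key, c->send_seq, msg) };
    c->send_seq++;
    return s;
}

/* Integrity first, then ordering against the receiver's expected counter. */
sec_status model_verify_signature(model_ctx *c, const char *msg, model_sig s) {
    if (s.mac != toy_mac(c->key, s.seq, msg)) return SEC_E_MESSAGE_ALTERED;
    if (s.seq != c->recv_seq) return SEC_E_OUT_OF_SEQUENCE;
    c->recv_seq++;
    return SEC_E_OK;
}

/* Status the initiator gets for the peer's first, in-sequence signature. */
sec_status first_verify_status(int zero_seq) {
    model_ctx acceptor, initiator;
    memset(&initiator, 0xA5, sizeof initiator);  /* constructed stale memory */
    model_init(&acceptor, 0x1234u, 1);
    model_init(&initiator, 0x1234u, zero_seq);
    return model_verify_signature(&initiator, "hello",
                                  model_make_signature(&acceptor, "hello"));
}
```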

