[CONJ-1252] GSSAPI error when exchanges from server starts with 0x01 byte

2025-07-23 05:12:56 +00:00 · 2025-05-19 18:35:14 +02:00
parent 3481f52b33
commit 5281b67fea
2 changed files with 12 additions and 0 deletions
--- a/src/main/java/org/mariadb/jdbc/plugin/authentication/addon/gssapi/StandardGssapiAuthentication.java
+++ b/src/main/java/org/mariadb/jdbc/plugin/authentication/addon/gssapi/StandardGssapiAuthentication.java
@ -93,6 +93,12 @@ public class StandardGssapiAuthentication implements GssapiAuth {
                      break;
                    }
                    ReadableByteBuf buf = in.readReusablePacket();
+
+                    // server cannot allow plugin data packet to start with 0, 255 or 254,
+                    // as connectors would treat it as an OK, Error or authentication switch packet
+                    // server then these bytes with 0x001. Consequently, it escaped 0x01 byte too.
+                    if (buf.getByte() == 0x01) buf.skip();
+
                    inToken = new byte[buf.readableBytes()];
                    buf.readBytes(inToken);
                  }
--- a/src/main/java/org/mariadb/jdbc/plugin/authentication/addon/gssapi/WindowsNativeSspiAuthentication.java
+++ b/src/main/java/org/mariadb/jdbc/plugin/authentication/addon/gssapi/WindowsNativeSspiAuthentication.java
@ -46,6 +46,12 @@ public class WindowsNativeSspiAuthentication implements GssapiAuth {

      // Step 2: read server response token
      ReadableByteBuf buf = in.readReusablePacket();
+
+      // server cannot allow plugin data packet to start with 0, 255 or 254,
+      // as connectors would treat it as an OK, Error or authentication switch packet
+      // server then these bytes with 0x001. Consequently, it escaped 0x01 byte too.
+      if (buf.getByte() == 0x01) buf.skip();
+
      byte[] tokenForTheClientOnTheServer = new byte[buf.readableBytes()];
      buf.readBytes(tokenForTheClientOnTheServer);
      Sspi.SecBufferDesc continueToken =