From 45ec777e0ea78a1194980624ac9127a42b4b29fe Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 14 Jan 2012 11:40:18 +1100
Subject: [PATCH] s3-gse: Make gensec_gse cope with non-DCE GSSAPI

The validation of the mutual authentication reply produces no further
data to send to the server.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 source3/librpc/crypto/gse.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index c7ce38e14f8e..010d52522928 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -350,12 +350,15 @@ static NTSTATUS gse_get_client_auth_token(TALLOC_CTX *mem_ctx,
 		goto done;
 	}
 
-	blob = data_blob_talloc(mem_ctx, out_data.value, out_data.length);
-	if (!blob.data) {
-		status = NT_STATUS_NO_MEMORY;
-	}
+	/* we may be told to return nothing */
+	if (out_data.length) {
+		blob = data_blob_talloc(mem_ctx, out_data.value, out_data.length);
+		if (!blob.data) {
+			status = NT_STATUS_NO_MEMORY;
+		}
 
-	gss_maj = gss_release_buffer(&gss_min, &out_data);
+		gss_maj = gss_release_buffer(&gss_min, &out_data);
+	}
 
 done:
 	*token_out = blob;
-- 
2.34.1