diff --git a/crypto/krb5/src/lib/gssapi/spnego/spnego_mech.c b/crypto/krb5/src/lib/gssapi/spnego/spnego_mech.c index 4a778364336..1dd0f170651 100644 --- a/crypto/krb5/src/lib/gssapi/spnego/spnego_mech.c +++ b/crypto/krb5/src/lib/gssapi/spnego/spnego_mech.c @@ -3517,6 +3517,8 @@ get_negTokenResp(OM_uint32 *minor_status, struct k5input *in, if (k5_der_get_value(&seq, CONTEXT | 0x03, &field)) { *mechListMIC = get_octet_string(&field); + if (*mechListMIC == GSS_C_NO_BUFFER) + return GSS_S_DEFECTIVE_TOKEN; /* Handle Windows 2000 duplicate response token */ if (*responseToken &&