Hans Leidekker (@hans) commented about dlls/kerberos/krb5_ap.c:
{ struct context_handle *context_handle = (void *)context; - struct verify_signature_params params = { context_handle->handle, message, quality_of_protection }; + struct verify_signature_params params; + int data_idx, token_idx; + + if ((data_idx = get_buffer_index( message, SECBUFFER_DATA )) == -1) return SEC_E_INVALID_TOKEN; + if ((token_idx = get_buffer_index( message, SECBUFFER_TOKEN )) == -1) return SEC_E_INVALID_TOKEN; + + params.context = context_handle->handle; + params.data_length = message->pBuffers[data_idx].cbBuffer; + params.data = message->pBuffers[data_idx].pvBuffer; + params.token_length = message->pBuffers[token_idx].cbBuffer; + params.token = message->pBuffers[token_idx].pvBuffer; + return KRB5_CALL( verify_signature, ¶ms );
quality_of_protection should still be passed to the Unix call. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/146#note_1375