[30271] in CVS-changelog-for-Kerberos-V5
krb5 commit: Check public_oid in gss_export_cred()
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Aug 13 17:46:25 2018
Date: Mon, 13 Aug 2018 17:46:19 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201808132146.w7DLkJFq006346@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/93de356ec21857dc9e7070ee62997fa8ec3f82c3
commit 93de356ec21857dc9e7070ee62997fa8ec3f82c3
Author: Greg Hudson <ghudson@mit.edu>
Date: Fri Aug 10 11:58:11 2018 -0400
Check public_oid in gss_export_cred()
In gss_export_cred(), check the gssint_get_public_oid() result as well
as the gssint_get_mechanism() result. There are probably no cases
where the former returns NULL and the latter does not, but it is easy
to be more obviously correct. Reported by Bean Zhang.
src/lib/gssapi/mechglue/g_export_cred.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/lib/gssapi/mechglue/g_export_cred.c b/src/lib/gssapi/mechglue/g_export_cred.c
index 8f5fe4a..0c273bf 100644
--- a/src/lib/gssapi/mechglue/g_export_cred.c
+++ b/src/lib/gssapi/mechglue/g_export_cred.c
@@ -81,7 +81,7 @@ gss_export_cred(OM_uint32 * minor_status, gss_cred_id_t cred_handle,
mech_oid = &cred->mechs_array[i];
public_oid = gssint_get_public_oid(mech_oid);
mech = gssint_get_mechanism(mech_oid);
- if (mech == NULL) {
+ if (public_oid == GSS_C_NO_OID || mech == NULL) {
status = GSS_S_DEFECTIVE_CREDENTIAL;
goto error;
}
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5