[27024] in CVS-changelog-for-Kerberos-V5


krb5 commit: Avoid leaks on gss_accept_sec_context errors

daemon@ATHENA.MIT.EDU (Greg Hudson)
Sun Sep 16 11:09:36 2012

Date: Sun, 16 Sep 2012 11:09:30 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201209161509.q8GF9Upf008774@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu

https://github.com/krb5/krb5/commit/56feee187579905c9101b0cdbdd8c6a850adcfc9
commit 56feee187579905c9101b0cdbdd8c6a850adcfc9
Author: Simo Sorce <simo@redhat.com>
Date:   Tue Aug 14 15:14:15 2012 +0200

    Avoid leaks on gss_accept_sec_context errors
    
    Failure handling during the postprocessing of
    mech->gss_accept_sec_context was inconsistent.  In one case we delete
    the output token but leave the partly-constructed context present in
    *context_handle (violating RFC 2744 if this is the first call); in
    other cases we leave the output token in the caller's buffer but do
    destroy the partly-constructed context.  Make this more consistent by
    always destroying the output token and partly-constructed context.
    (RFC 2744 prefers, but does not require, leaving the
    partly-constructed context present on error if it was present on
    entry.  At the moment we are ignoring that preference.)
    
    [ghudson@mit.edu: Rewrote commit message with more details]

 src/lib/gssapi/mechglue/g_accept_sec_context.c |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c b/src/lib/gssapi/mechglue/g_accept_sec_context.c
index f6afc45..85e41d3 100644
--- a/src/lib/gssapi/mechglue/g_accept_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c
@@ -236,12 +236,10 @@ gss_cred_id_t *		d_cred;
 			    &temp_minor_status, mech,
 			    internal_name, &tmp_src_name);
 		    if (temp_status != GSS_S_COMPLETE) {
+			status = temp_status;
 			*minor_status = temp_minor_status;
 			map_error(minor_status, mech);
-			if (output_token->length)
-			    (void) gss_release_buffer(&temp_minor_status,
-						      output_token);
-			return (temp_status);
+			goto error_out;
 		    }
 		    *src_name = tmp_src_name;
 		} else
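Review bot: The new `goto error_out` is taken right after the call that received `&tmp_src_name` has failed, and the cleanup at `error_out` passes `tmp_src_name` to `gss_release_buffer`. Please confirm that `tmp_src_name` still holds its initial value when that call fails, so the cleanup never releases an indeterminate or already-freed pointer; if that is not guaranteed, reset it to its initial value before the goto. Setting `status = temp_status` before the jump is correct, since `error_out` returns `status`, and the mapped `*minor_status` is preserved because the visible cleanup calls only write to `temp_minor_status`.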
@@ -329,6 +327,9 @@ error_out:
 	(void) gss_release_buffer(&temp_minor_status,
 				  (gss_buffer_t)tmp_src_name);
 
+    if (output_token->length)
+	(void) gss_release_buffer(&temp_minor_status, output_token);
+
     return (status);
 }
 #endif /* LEAN_CLIENT */
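Review bot: The added `if (output_token->length)` at `error_out` dereferences `output_token` on every error path, not just the one changed in the first hunk, so each `goto error_out` in the function needs a non-NULL `output_token` whose `length` and `value` have been initialised. If any jump can occur before the argument is validated or before the buffer is set to empty, this reads an indeterminate length and may release a caller-supplied pointer; either check for a null buffer here or confirm the function initialises the buffer before the first possible jump. A short comment at the label recording that both the output token and the partly-constructed context are always destroyed on error, and that this departs from the RFC 2744 preference described in the commit message, would keep that decision visible to later readers of the code.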