[27856] in CVS-changelog-for-Kerberos-V5
krb5 commit: Make the PKINIT NSS path also check for NULL certs
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Jul 18 00:59:06 2013
Date: Thu, 18 Jul 2013 00:58:55 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201307180458.r6I4wtSe018628@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/8899397ab78ea09b8d7dbb20347dd12c93eb15ee
commit 8899397ab78ea09b8d7dbb20347dd12c93eb15ee
Author: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Tue Jul 9 14:13:16 2013 -0400
Make the PKINIT NSS path also check for NULL certs
When called to free identity information, do what the OpenSSL-based
version does, and error out if the identity information is NULL.
src/plugins/preauth/pkinit/pkinit_crypto_nss.c | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
index 1b2172c..56a2170 100644
--- a/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
+++ b/src/plugins/preauth/pkinit/pkinit_crypto_nss.c
@@ -2985,7 +2985,12 @@ crypto_free_cert_info(krb5_context context,
pkinit_req_crypto_context req_cryptoctx,
pkinit_identity_crypto_context id_cryptoctx)
{
- return 0; /* Maybe should we nuke the id_certs list here? */
+ /* Mimic the OpenSSL-based implementation's check first. */
+ if (id_cryptoctx == NULL)
+ return EINVAL;
+
+ /* Maybe should we nuke the id_certs list here? */
+ return 0;
}
/* Count how many candidate "self" certificates and keys we have. We could as
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5