[29239] in CVS-changelog-for-Kerberos-V5

krb5 commit [krb5-1.14]: Check internal context on init context errors

daemon@ATHENA.MIT.EDU (Tom Yu)
Thu Jan 7 16:28:16 2016

Date: Thu, 7 Jan 2016 16:28:12 -0500
From: Tom Yu <tlyu@mit.edu>
Message-Id: <201601072128.u07LSCdU005419@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/8917552b578608f99d3c38b58fdddeb78ab4bbb8
commit 8917552b578608f99d3c38b58fdddeb78ab4bbb8
Author: Simo Sorce <simo@redhat.com>
Date:   Tue Jan 5 12:11:59 2016 -0500

    Check internal context on init context errors
    
    If the mechanism deletes the internal context handle on error, the
    mechglue must do the same with the union context, to avoid crashes if
    the application calls other functions with this invalid union context.
    
    [ghudson@mit.edu: edit commit message and code comment]
    
    (cherry picked from commit 3beb564cea3d219efcf71682b6576cad548c2d23)
    
    ticket: 8337
    version_fixed: 1.14.1

 src/lib/gssapi/mechglue/g_init_sec_context.c |   11 +++++++----
 1 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c
index aaae767..9f154b8 100644
--- a/src/lib/gssapi/mechglue/g_init_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_init_sec_context.c
@@ -224,12 +224,15 @@ OM_uint32 *		time_rec;
 
     if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
 	/*
-	 * the spec says (the preferred) method is to delete all
-	 * context info on the first call to init, and on all
-	 * subsequent calls make the caller responsible for
-	 * calling gss_delete_sec_context
+	 * The spec says the preferred method is to delete all context info on
+	 * the first call to init, and on all subsequent calls make the caller
+	 * responsible for calling gss_delete_sec_context.  However, if the
+	 * mechanism decided to delete the internal context, we should also
+	 * delete the union context.
 	 */
 	map_error(minor_status, mech);
+	if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
+	    *context_handle = GSS_C_NO_CONTEXT;
 	if (*context_handle == GSS_C_NO_CONTEXT) {
 	    free(union_ctx_id->mech_type->elements);
 	    free(union_ctx_id->mech_type);
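
Review bot: The added check `if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)` runs on continuation calls as well as on the first call, so a handle the caller already holds is overwritten with GSS_C_NO_CONTEXT and falls into the existing cleanup branch. The comment above it still says the caller is responsible for calling gss_delete_sec_context on subsequent calls, so it should state that this new case overrides that rule. The check also depends on the mechanism resetting its internal handle to GSS_C_NO_CONTEXT when it deletes the context; a mechanism that frees the context without clearing the handle is not covered, which is worth noting in the comment. The diffstat lists only this file, so a regression test with a mechanism that deletes its internal context on error would help keep the behaviour from regressing.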