[1532] in Kerberos-V5-bugs
can't delete an incomplete security context
daemon@ATHENA.MIT.EDU (Dan Nessett)
Fri Jul 7 16:37:54 1995
Date: Fri, 7 Jul 1995 13:36:26 -0700 (PDT)
From: Danny.Nessett@Eng.Sun.COM (Dan Nessett)
To: krb5-bugs@MIT.EDU
Cc: warlord@jurassic.Eng.Sun.COM
There is a bug in src/lib/gssapi/krb5/delete_sec_context.c. An incomplete
context cannot be deleted if a non-null token buffer is specified in
the call to:
    krb5_gss_delete_sec_context()
In particular, the code:
    /* construct a delete context token if necessary */
    if (output_token) {
        OM_uint32 major;
        gss_buffer_desc empty;
        empty.length = 0; empty.value = NULL;
        if (major = kg_seal(minor_status, *context_handle, 0, GSS_C_QOP_DEFAULT,
                            &empty, NULL, output_token, KG_TOK_DEL_CTX))
            return(major);
    }
will call kg_seal(), which fails if the context isn't established. Specifically,
    ctx = (krb5_gss_ctx_id_rec *) context_handle;
    if (! ctx->established) {
        *minor_status = KG_CTX_INCOMPLETE;
        return(GSS_S_NO_CONTEXT);
    }
The suggested fix is to test whether the context is established or not in
krb5_gss_delete_sec_context(). I.e.,
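    /* construct a delete context token if necessary */
    /* context_handle is a pointer to the handle here (it is passed to
       kg_seal() as *context_handle), so dereference it before the cast */
    if (output_token &&
        ((krb5_gss_ctx_id_rec *) *context_handle)->established) {
    ....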
Dan
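
The failure reported above and the suggested guard, modelled as an added example that is not part of the original message or the krb5 source. Every toy_* name and TOY_* value is a constructed stand-in, and handing back an empty token for an incomplete context is an assumption of this sketch.

```c
#include <stdlib.h>

/* Constructed stand-ins; not the real GSS-API or krb5 definitions. */
enum { TOY_COMPLETE = 0, TOY_NO_CONTEXT = 1 };
typedef struct { int established; } toy_ctx;
typedef struct { size_t length; void *value; } toy_buffer;
static char toy_token_byte;

/* Models kg_seal() as quoted: refuses an incomplete context. */
static int toy_seal(toy_ctx *ctx, toy_buffer *out) {
    if (!ctx->established) return TOY_NO_CONTEXT;
    out->length = 1; out->value = &toy_token_byte;  /* pretend token */
    return TOY_COMPLETE;
}

/* Before: any non-NULL output_token goes through toy_seal(). */
static int toy_delete_buggy(toy_ctx **handle, toy_buffer *output_token) {
    if (output_token) {
        int major = toy_seal(*handle, output_token);
        if (major) return major;   /* early return: context is never freed */
    }
    free(*handle); *handle = NULL;
    return TOY_COMPLETE;
}

/* After: build a token only when the context is established. */
static int toy_delete_fixed(toy_ctx **handle, toy_buffer *output_token) {
    if (output_token) {
        output_token->length = 0; output_token->value = NULL; /* assumption */
        if ((*handle)->established) {
            int major = toy_seal(*handle, output_token);
            if (major) return major;
        }
    }
    free(*handle); *handle = NULL;
    return TOY_COMPLETE;
}

static toy_ctx *toy_new_ctx(int established) {
    toy_ctx *c = malloc(sizeof *c);
    if (c) c->established = established;
    return c;
}

int main(void) {
    toy_buffer tok; toy_ctx *c = toy_new_ctx(0);
    if (!c) return 1;
    if (toy_delete_buggy(&c, &tok) != TOY_NO_CONTEXT) return 1; /* still live */
    return toy_delete_fixed(&c, &tok) == TOY_COMPLETE && c == NULL ? 0 : 1;
}
```

With the unguarded version, a caller that always passes a token buffer is left holding a half-built context it cannot release, so each aborted handshake leaks one.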