[16547] in Kerberos-V5-bugs
[krbdev.mit.edu #8898] git commit
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Thu May 21 16:35:54 2020
From: "Greg Hudson via RT" <rt@krbdev.mit.edu>
In-Reply-To:
Message-ID: <rt-4.4.4-71950-1590093334-1945.8898-5-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #8898":;
Date: Thu, 21 May 2020 16:35:34 -0400
MIME-Version: 1.0
Reply-To: rt@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8898 >
Fix overzealous SPNEGO src_name/deleg_cred release
Commit 24b844714dea3e47b17511746b5df5b6ddf13d43 (ticket 8845) added
releases of sc->internal_name and sc->deleg_cred before calling the
underlying mech's gss_accept_sec_context(), to avoid a potential leak
if the mech reports a value multiple times. Commit
c2ca2f26eaf817a6a7ed42257c380437ab802bd9 (ticket 8851) added a branch
which calls negoex_accept() instead of calling directly into the
underlying mech. If negoex_accept() doesn't call into the mech on the
last acceptor leg, the src_name and deleg_cred values from the final
mech call are lost.
Move the releases to the non-NegoEx branch. negoex_accept() already
does its own releases when it calls into the mech.
Reported by Luke Howard.
(cherry picked from commit b2fe66fed560ae28917a4acae6f6c0f020156353)
https://github.com/krb5/krb5/commit/781166490aa56efab0c45020f404d672c0c6a414
Author: Greg Hudson <ghudson@mit.edu>
Commit: 781166490aa56efab0c45020f404d672c0c6a414
Branch: krb5-1.18
src/lib/gssapi/spnego/spnego_mech.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
