Check internal context on init context errors

If the mechanism deletes the internal context handle on error, the
mechglue must do the same with the union context, to avoid crashes if
the application calls other functions with this invalid union context.

[ghudson@mit.edu: edit commit message and code comment]

ticket: 8337 (new)
target_version: 1.14-next
target_version: 1.13-next
tags: pullup

diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c
index aaae7671d0cdb156d0ba6da4410823b3ed7b1794..9f154b8936d0f734cae15a503d0ae69101afbabd 100644 (file)
--- a/src/lib/gssapi/mechglue/g_init_sec_context.c
+++ b/src/lib/gssapi/mechglue/g_init_sec_context.c
@@ -224,12 +224,15 @@ OM_uint32 *               time_rec;
 
     if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) {
        /*
-        * the spec says (the preferred) method is to delete all
-        * context info on the first call to init, and on all
-        * subsequent calls make the caller responsible for
-        * calling gss_delete_sec_context
+        * The spec says the preferred method is to delete all context info on
+        * the first call to init, and on all subsequent calls make the caller
+        * responsible for calling gss_delete_sec_context.  However, if the
+        * mechanism decided to delete the internal context, we should also
+        * delete the union context.
         */
        map_error(minor_status, mech);
+       if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)
+           *context_handle = GSS_C_NO_CONTEXT;
        if (*context_handle == GSS_C_NO_CONTEXT) {
            free(union_ctx_id->mech_type->elements);
            free(union_ctx_id->mech_type);