Fix minor logic errors

In k5_externalize_auth_context(), serialize the correct field when
local_port is set.  This is not a reachable bug because the function
is only accessible via gss_export_sec_context(), and the GSS library
does not set a local port.  Commit
e50f46b210ddafe85cc917e2571516ade46bc65f fixed a similar bug for
remote_port.

In krb5_pac_get_types(), correct the allocation of *types_out.  (The
previous code was safe in spite of its incorrectness, because the size
of a pointer is at least as big as the size of uint32_t.)

Change make_spnego_tokenTarg_msg() to return 0 on success and -1 on
failure, to match make_spnego_tokenInit_msg() and the expectations of
its call sites.  Commit fdceb225f881e2b1337eebcb9a9443fa4a9be3fd is
partly to blame as it changed the return type from int to OM_uint32,
but prior to that the function still returned GSS major codes rather
than -1 on error.

ticket: 9192

diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c
index 4a778364336ebac5e646b0475dd7b38de979fdf1..f0c37c7cdfc8300200eacbac853afa757069d6e1 100644 (file)
--- a/src/lib/gssapi/spnego/spnego_mech.c
+++ b/src/lib/gssapi/spnego/spnego_mech.c
@@ -138,7 +138,7 @@ make_spnego_tokenInit_msg(spnego_gss_ctx_id_t,
                        gss_buffer_t,
                        OM_uint32, gss_buffer_t, send_token_flag,
                        gss_buffer_t);
-static OM_uint32
+static int
 make_spnego_tokenTarg_msg(uint8_t, gss_OID, gss_buffer_t,
                        gss_buffer_t, send_token_flag,
                        gss_buffer_t);
@@ -3698,7 +3698,7 @@ make_spnego_tokenInit_msg(spnego_gss_ctx_id_t spnego_ctx, int negHintsCompat,
  * gss_accept_sec_context and eventually up to the application program
  * and over to the client.
  */
-static OM_uint32
+static int
 make_spnego_tokenTarg_msg(uint8_t status, gss_OID mech_wanted,
                          gss_buffer_t token, gss_buffer_t mic,
                          send_token_flag sendtoken,
@@ -3709,9 +3709,9 @@ make_spnego_tokenTarg_msg(uint8_t status, gss_OID mech_wanted,
        struct k5buf buf;
 
        if (outbuf == GSS_C_NO_BUFFER)
-               return (GSS_S_DEFECTIVE_TOKEN);
+               return (-1);
        if (sendtoken == INIT_TOKEN_SEND && mech_wanted == GSS_C_NO_OID)
-               return (GSS_S_DEFECTIVE_TOKEN);
+               return (-1);
 
        outbuf->length = 0;
        outbuf->value = NULL;
@@ -3744,7 +3744,7 @@ make_spnego_tokenTarg_msg(uint8_t status, gss_OID mech_wanted,
        /* Allocate space and prepare a buffer. */
        t = gssalloc_malloc(choice_len);
        if (t == NULL)
-               return (GSS_S_DEFECTIVE_TOKEN);
+               return (-1);
        k5_buf_init_fixed(&buf, t, choice_len);
 
        /* Add the choice tag and begin the sequence. */

diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c
index 7e333874546af2f8e3d3fd69b238166f1116e0af..1232ce7fa1cd0eb61654dbfcc4a87f43f6f047b3 100644 (file)
--- a/src/lib/krb5/krb/pac.c
+++ b/src/lib/krb5/krb/pac.c
@@ -185,7 +185,7 @@ krb5_pac_get_types(krb5_context context, krb5_pac pac, size_t *len_out,
 {
     size_t i;
 
-    *types_out = calloc(pac->nbuffers, sizeof(*types_out));
+    *types_out = calloc(pac->nbuffers, sizeof(**types_out));
     if (*types_out == NULL)
         return ENOMEM;
 

diff --git a/src/lib/krb5/krb/ser_actx.c b/src/lib/krb5/krb/ser_actx.c
index ed8e25596b5d9f5607c3e337756698b92eb8ff08..01089e4f707e2b3b8c464366bf0eca308caf8b97 100644 (file)
--- a/src/lib/krb5/krb/ser_actx.c
+++ b/src/lib/krb5/krb/ser_actx.c
@@ -185,7 +185,7 @@ k5_externalize_auth_context(krb5_auth_context auth_context,
             /* Now handle local_port, if appropriate */
             if (!kret && auth_context->local_port) {
                 (void) krb5_ser_pack_int32(TOKEN_LPORT, &bp, &remain);
-                kret = k5_externalize_address(auth_context->local_addr,
+                kret = k5_externalize_address(auth_context->local_port,
                                               &bp, &remain);
             }