Check output params on GSS OID set functions

Add sanity checks for the output parameters of
generic_gss_create_empty_oid_set() and
generic_gss_add_oid_set_member(), which are used directly by the API
functions gss_create_empty_oid_set() and gss_add_oid_set_member().

[ghudson@mit.edu: edit commit message]

(cherry picked from commit c9e035794caa784b6cdf416e2b3f1d641d011390)

ticket: 8294 (new)
version_fixed: 1.13
status: resolved

diff --git a/src/lib/gssapi/generic/oid_ops.c b/src/lib/gssapi/generic/oid_ops.c
index 5ad02fceca57b6d4471b195b8aeae93d7095e234..6e294b9bcf941cb4bc26db7b4bd53d59063f49fd 100644 (file)
--- a/src/lib/gssapi/generic/oid_ops.c
+++ b/src/lib/gssapi/generic/oid_ops.c
@@ -137,6 +137,9 @@ generic_gss_create_empty_oid_set(OM_uint32 *minor_status, gss_OID_set *oid_set)
 {
     *minor_status = 0;
 
+    if (oid_set == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
     if ((*oid_set = (gss_OID_set) gssalloc_malloc(sizeof(gss_OID_set_desc)))) {
         memset(*oid_set, 0, sizeof(gss_OID_set_desc));
         return(GSS_S_COMPLETE);
@@ -161,6 +164,9 @@ generic_gss_add_oid_set_member(OM_uint32 *minor_status,
         member_oid->elements == NULL)
         return (GSS_S_CALL_INACCESSIBLE_READ);
 
+    if (oid_set == NULL)
+        return GSS_S_CALL_INACCESSIBLE_WRITE;
+
     elist = (*oid_set)->elements;
     /* Get an enlarged copy of the array */
     if (((*oid_set)->elements = (gss_OID) gssalloc_malloc(((*oid_set)->count+1) *