From: Ondřej Surý Date: Wed, 18 Mar 2026 00:00:39 +0000 (+0100) Subject: Fix GSS context leak when principal name is empty X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=53056796334be7810a427f491679bceba729580a;p=thirdparty%2Fbind9.git Fix GSS context leak when principal name is empty When gss_accept_sec_context() completes successfully but gss_display_name() returns an empty principal, the GSS context was leaked — it was neither stored in a key nor deleted. Delete the context and reject with BADKEY in this case. This should only occur due to a GSS library bug, since a completed context should always have a valid principal. --- diff --git a/lib/dns/tkey.c b/lib/dns/tkey.c index 42deb423a2b..03615f07e5c 100644 --- a/lib/dns/tkey.c +++ b/lib/dns/tkey.c @@ -200,6 +200,11 @@ process_gsstkey(dns_message_t *msg, dns_name_t *name, dns_rdata_tkey_t *tkeyin, if (tsigkey != NULL) { dns_tsigkey_detach(&tsigkey); } + dst_gssapi_deletectx(tctx->mctx, &gss_ctx); + tkeyout->error = dns_tsigerror_badkey; + tkey_log("process_gsstkey(): " + "completed context with empty principal"); + return ISC_R_SUCCESS; } else if (tsigkey == NULL) { #if HAVE_GSSAPI OM_uint32 gret, minor, lifetime;
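Review bot: The added `return ISC_R_SUCCESS;` at the end of the new block exits process_gsstkey() from inside the branch, so on this path only `tsigkey` and `gss_ctx` are released. Since the change is itself a leak fix, please confirm that nothing else acquired earlier in the function, outside the context shown in this hunk, still needs to be freed here. If the function has a common cleanup path, set `tkeyout->error` and fall through to it rather than returning early. A short comment above `dst_gssapi_deletectx(tctx->mctx, &gss_ctx);` would also help: the reasoning that a completed context with an empty principal is neither stored in a key nor deleted, and is expected only from a GSS library bug, currently lives only in the commit message. Consider including the `name` argument in the tkey_log() message as well, so an operator can tell which request hit this path.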