From: Greg Hudson <ghudson@mit.edu>
Date: Fri, 10 Aug 2018 15:58:11 +0000 (-0400)
Subject: Check public_oid in gss_export_cred()
X-Git-Tag: krb5-1.17-beta1~60
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=93de356ec21857dc9e7070ee62997fa8ec3f82c3;p=thirdparty%2Fkrb5.git

Check public_oid in gss_export_cred()

In gss_export_cred(), check the gssint_get_public_oid() result as well
as the gssint_get_mechanism() result.  There are probably no cases
where the former returns NULL and the latter does not, but it is easy
to be more obviously correct.  Reported by Bean Zhang.
---

diff --git a/src/lib/gssapi/mechglue/g_export_cred.c b/src/lib/gssapi/mechglue/g_export_cred.c
index 8f5fe4ad5a..0c273bf14e 100644
--- a/src/lib/gssapi/mechglue/g_export_cred.c
+++ b/src/lib/gssapi/mechglue/g_export_cred.c
@@ -81,7 +81,7 @@ gss_export_cred(OM_uint32 * minor_status, gss_cred_id_t cred_handle,
         mech_oid = &cred->mechs_array[i];
         public_oid = gssint_get_public_oid(mech_oid);
         mech = gssint_get_mechanism(mech_oid);
-        if (mech == NULL) {
+        if (public_oid == GSS_C_NO_OID || mech == NULL) {
             status = GSS_S_DEFECTIVE_CREDENTIAL;
             goto error;
         }