From: Greg Hudson <ghudson@mit.edu>
Date: Wed, 8 Oct 2014 00:22:52 +0000 (-0400)
Subject: Use gssalloc_malloc for GSS error tokens
X-Git-Tag: krb5-1.13.1-final~28
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9443dd349fccd3b4a72551a99a91cd6c8296bc55;p=thirdparty%2Fkrb5.git

Use gssalloc_malloc for GSS error tokens

In kg_accept_krb5, use gssalloc_malloc when allocating space for the
error token, since it will be freed with gssalloc_free.  Using malloc
can cause heap corruption on Windows.  This bug was masked by #1445
before 1.12.

(cherry picked from commit 68cfc8b4e6338b78dce5a960ce47974a73906fac)

ticket: 8024
version_fixed: 1.13.1
status: resolved
---

diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c
index 45e18412b9..014d24bdae 100644
--- a/src/lib/gssapi/krb5/accept_sec_context.c
+++ b/src/lib/gssapi/krb5/accept_sec_context.c
@@ -1243,7 +1243,7 @@ fail:
         toktype = KG_TOK_CTX_ERROR;
 
         token.length = g_token_size(mech_used, tmsglen);
-        token.value = (unsigned char *) xmalloc(token.length);
+        token.value = gssalloc_malloc(token.length);
         if (!token.value)
             goto done;