From: Simo Sorce Date: Tue, 5 Jan 2016 17:11:59 +0000 (-0500) Subject: Check internal context on init context errors X-Git-Tag: krb5-1.13.4-final~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac6ee6338cbf93a1b2bda3c4ebfeab0df56128fe;p=thirdparty%2Fkrb5.git Check internal context on init context errors If the mechanism deletes the internal context handle on error, the mechglue must do the same with the union context, to avoid crashes if the application calls other functions with this invalid union context. [ghudson@mit.edu: edit commit message and code comment] (cherry picked from commit 3beb564cea3d219efcf71682b6576cad548c2d23) ticket: 8337 version_fixed: 1.13.4 tags: -pullup status: resolved --- diff --git a/src/lib/gssapi/mechglue/g_init_sec_context.c b/src/lib/gssapi/mechglue/g_init_sec_context.c index aaae7671d0..9f154b8936 100644 --- a/src/lib/gssapi/mechglue/g_init_sec_context.c +++ b/src/lib/gssapi/mechglue/g_init_sec_context.c @@ -224,12 +224,15 @@ OM_uint32 * time_rec; if (status != GSS_S_COMPLETE && status != GSS_S_CONTINUE_NEEDED) { /* - * the spec says (the preferred) method is to delete all - * context info on the first call to init, and on all - * subsequent calls make the caller responsible for - * calling gss_delete_sec_context + * The spec says the preferred method is to delete all context info on + * the first call to init, and on all subsequent calls make the caller + * responsible for calling gss_delete_sec_context. However, if the + * mechanism decided to delete the internal context, we should also + * delete the union context. */ map_error(minor_status, mech); + if (union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT) + *context_handle = GSS_C_NO_CONTEXT; if (*context_handle == GSS_C_NO_CONTEXT) { free(union_ctx_id->mech_type->elements); free(union_ctx_id->mech_type);
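Review bot: In the error branch after map_error(), the added check only resets *context_handle and relies on the existing `if (*context_handle == GSS_C_NO_CONTEXT)` block directly below it to free the union context, so the fix is correct only while the two `if` statements stay adjacent and in this order. Consider making that dependency explicit, either by testing both conditions in one place (`if (*context_handle == GSS_C_NO_CONTEXT || union_ctx_id->internal_ctx_id == GSS_C_NO_CONTEXT)`) and clearing `*context_handle` inside that block, or by saying in the comment that the free happens in the block that follows. The comment could also state that on a continuation call the caller's handle is now reset to GSS_C_NO_CONTEXT when the mechanism has dropped its internal context, since that is the caller-visible part of the change. The diff touches only g_init_sec_context.c, so a regression test that drives a mechanism failure on a second gss_init_sec_context call and then passes the returned handle to another function would be worth adding.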