From: Greg Hudson Date: Wed, 25 Nov 2015 19:43:35 +0000 (-0500) Subject: Fix memory leak in SPNEGO gss_init_sec_context() X-Git-Tag: krb5-1.13.4-final~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fd0eb62f85e1f57d07aec72bec73a90f5032b60b;p=thirdparty%2Fkrb5.git Fix memory leak in SPNEGO gss_init_sec_context() After the initial call to spnego_gss_init_sec_context(), the context handle can leak if init_ctx_cont() returns an error, because the cleanup handler assumes that spnego_ctx contains the value of *context_handle. Fix this leak by setting spnego_ctx before the if block which contains that call. Reported by Adam Bernstein. (cherry picked from commit 159dbbd5ff14fdc2fa71fb3a8804eb401c914399) ticket: 8281 version_fixed: 1.13.4 tags: -pullup status: resolved --- diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index ec38eea1e6..ce157c5ba7 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c +++ b/src/lib/gssapi/spnego/spnego_mech.c @@ -1024,7 +1024,8 @@ spnego_gss_init_sec_context( /* Step 1: perform mechanism negotiation. */ spcred = (spnego_gss_cred_id_t)claimant_cred_handle; - if (*context_handle == GSS_C_NO_CONTEXT) { + spnego_ctx = (spnego_gss_ctx_id_t)*context_handle; + if (spnego_ctx == NULL) { ret = init_ctx_new(minor_status, spcred, context_handle, &send_token); if (ret != GSS_S_CONTINUE_NEEDED) {
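Review bot: In the `if (spnego_ctx == NULL)` branch, init_ctx_new() is still passed context_handle, so spnego_ctx, assigned one line earlier, keeps its pre-call value (NULL) when that call returns. The visible context ends before showing whether the branch re-reads *context_handle into spnego_ctx afterwards; if it does not, the cleanup handler that the commit message says relies on spnego_ctx would see NULL on a first-call error path, so that is worth confirming against the rest of the function. A short comment above the new assignment stating that cleanup depends on spnego_ctx mirroring *context_handle would keep a later refactor from moving it back inside the else branch. Minor style point: the test now compares against NULL where the removed line used GSS_C_NO_CONTEXT; `if (spnego_ctx == GSS_C_NO_CONTEXT)` with the appropriate cast would keep the GSS-API idiom.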