From: Greg Hudson Date: Fri, 19 Dec 2025 07:56:55 +0000 (-0500) Subject: Fix minor logic errors X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1473%2Fhead;p=thirdparty%2Fkrb5.git Fix minor logic errors In k5_externalize_auth_context(), serialize the correct field when local_port is set. This is not a reachable bug because the function is only accessible via gss_export_sec_context(), and the GSS library does not set a local port. Commit e50f46b210ddafe85cc917e2571516ade46bc65f fixed a similar bug for remote_port. In krb5_pac_get_types(), correct the allocation of *types_out. (The previous code was safe in spite of its incorrectness, because the size of a pointer is at least as big as the size of uint32_t.) Change make_spnego_tokenTarg_msg() to return 0 on success and -1 on failure, to match make_spnego_tokenInit_msg() and the expectations of its call sites. Commit fdceb225f881e2b1337eebcb9a9443fa4a9be3fd is partly to blame as it changed the return type from int to OM_uint32, but prior to that the function still returned GSS major codes rather than -1 on error. ticket: 9192 --- diff --git a/src/lib/gssapi/spnego/spnego_mech.c b/src/lib/gssapi/spnego/spnego_mech.c index 4a77836433..f0c37c7cdf 100644 --- a/src/lib/gssapi/spnego/spnego_mech.c +++ b/src/lib/gssapi/spnego/spnego_mech.c @@ -138,7 +138,7 @@ make_spnego_tokenInit_msg(spnego_gss_ctx_id_t, gss_buffer_t, OM_uint32, gss_buffer_t, send_token_flag, gss_buffer_t); -static OM_uint32 +static int make_spnego_tokenTarg_msg(uint8_t, gss_OID, gss_buffer_t, gss_buffer_t, send_token_flag, gss_buffer_t); @@ -3698,7 +3698,7 @@ make_spnego_tokenInit_msg(spnego_gss_ctx_id_t spnego_ctx, int negHintsCompat, * gss_accept_sec_context and eventually up to the application program * and over to the client. */ -static OM_uint32 +static int make_spnego_tokenTarg_msg(uint8_t status, gss_OID mech_wanted, gss_buffer_t token, gss_buffer_t mic, send_token_flag sendtoken, @@ -3709,9 +3709,9 @@ make_spnego_tokenTarg_msg(uint8_t status, gss_OID mech_wanted, struct k5buf buf; if (outbuf == GSS_C_NO_BUFFER) - return (GSS_S_DEFECTIVE_TOKEN); + return (-1); if (sendtoken == INIT_TOKEN_SEND && mech_wanted == GSS_C_NO_OID) - return (GSS_S_DEFECTIVE_TOKEN); + return (-1); outbuf->length = 0; outbuf->value = NULL; @@ -3744,7 +3744,7 @@ make_spnego_tokenTarg_msg(uint8_t status, gss_OID mech_wanted, /* Allocate space and prepare a buffer. */ t = gssalloc_malloc(choice_len); if (t == NULL) - return (GSS_S_DEFECTIVE_TOKEN); + return (-1); k5_buf_init_fixed(&buf, t, choice_len); /* Add the choice tag and begin the sequence. */ diff --git a/src/lib/krb5/krb/pac.c b/src/lib/krb5/krb/pac.c index 7e33387454..1232ce7fa1 100644 --- a/src/lib/krb5/krb/pac.c +++ b/src/lib/krb5/krb/pac.c @@ -185,7 +185,7 @@ krb5_pac_get_types(krb5_context context, krb5_pac pac, size_t *len_out, { size_t i; - *types_out = calloc(pac->nbuffers, sizeof(*types_out)); + *types_out = calloc(pac->nbuffers, sizeof(**types_out)); if (*types_out == NULL) return ENOMEM; diff --git a/src/lib/krb5/krb/ser_actx.c b/src/lib/krb5/krb/ser_actx.c index ed8e25596b..01089e4f70 100644 --- a/src/lib/krb5/krb/ser_actx.c +++ b/src/lib/krb5/krb/ser_actx.c @@ -185,7 +185,7 @@ k5_externalize_auth_context(krb5_auth_context auth_context, /* Now handle local_port, if appropriate */ if (!kret && auth_context->local_port) { (void) krb5_ser_pack_int32(TOKEN_LPORT, &bp, &remain); - kret = k5_externalize_address(auth_context->local_addr, + kret = k5_externalize_address(auth_context->local_port, &bp, &remain); }