From: Isaac Boukris <iboukris@gmail.com>
Date: Sat, 4 Mar 2017 19:23:32 +0000 (+0200)
Subject: Allow null outputs to gss_get_name_attribute()
X-Git-Tag: krb5-1.16-beta1~136
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F613%2Fhead;p=thirdparty%2Fkrb5.git

Allow null outputs to gss_get_name_attribute()

In krb5_gss_get_name_attribute(), always ask for kvalue and
kdisplay_value when calling krb5_authdata_get_attribute(), as it
currently expect non-null arguments.  This change allows applications
to pass GSS_C_NO_BUFFER for the value and display_value output
parameters.  (Passing NULL for the authenticated and complete output
parameters already works.)

[ghudson@mit.edu: initialized kvalue and kdisplay_value for safety]

ticket: 8557 (new)
target_version: 1.15-next
target_version: 1.14-next
tags: pullup
---

diff --git a/src/lib/gssapi/krb5/naming_exts.c b/src/lib/gssapi/krb5/naming_exts.c
index 6062a6dd80..0edb4b8ace 100644
--- a/src/lib/gssapi/krb5/naming_exts.c
+++ b/src/lib/gssapi/krb5/naming_exts.c
@@ -319,8 +319,8 @@ krb5_gss_get_name_attribute(OM_uint32 *minor_status,
     krb5_data kattr;
     krb5_boolean kauthenticated;
     krb5_boolean kcomplete;
-    krb5_data kvalue;
-    krb5_data kdisplay_value;
+    krb5_data kvalue = empty_data();
+    krb5_data kdisplay_value = empty_data();
 
     if (minor_status != NULL)
         *minor_status = 0;
@@ -355,8 +355,8 @@ krb5_gss_get_name_attribute(OM_uint32 *minor_status,
                                        &kattr,
                                        &kauthenticated,
                                        &kcomplete,
-                                       value ? &kvalue : NULL,
-                                       display_value ? &kdisplay_value : NULL,
+                                       &kvalue,
+                                       &kdisplay_value,
                                        more);
     if (code == 0) {
         if (value != NULL)
@@ -367,14 +367,13 @@ krb5_gss_get_name_attribute(OM_uint32 *minor_status,
         if (complete != NULL)
             *complete = kcomplete;
 
-        if (display_value != NULL) {
-            if (code == 0)
-                code = data_to_gss(&kdisplay_value, display_value);
-            else
-                free(kdisplay_value.data);
-        }
+        if (display_value != NULL && code == 0)
+            code = data_to_gss(&kdisplay_value, display_value);
     }
 
+    free(kdisplay_value.data);
+    free(kvalue.data);
+
     k5_mutex_unlock(&kname->lock);
     krb5_free_context(context);