From df13f814e5fdbad4c86eb160055ac490adc052c7 Mon Sep 17 00:00:00 2001 From: Solly Ross Date: Thu, 27 Aug 2015 15:55:35 -0400 Subject: [PATCH] Check for null name_type in gss_display_name_ext It is possible for the input name's name_type to be GSS_C_NO_OID. g_OID_equal() does not account for GSS_C_NO_OID, so we have to manually check before use to prevent null pointer dereferences. (cherry picked from commit 3fdf09ac9a36581b47f40c9d177e463cc12687ff) ticket: 8310 (new) version_fixed: 1.12.5 status: resolved --- src/lib/gssapi/mechglue/g_dsp_name_ext.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/lib/gssapi/mechglue/g_dsp_name_ext.c b/src/lib/gssapi/mechglue/g_dsp_name_ext.c index 14326a30f6..be08dd16c4 100644 --- a/src/lib/gssapi/mechglue/g_dsp_name_ext.c +++ b/src/lib/gssapi/mechglue/g_dsp_name_ext.c @@ -94,6 +94,7 @@ gss_display_name_ext (OM_uint32 *minor_status, status = GSS_S_BAD_NAME; else if (mech->gss_display_name_ext == NULL) { if (mech->gss_display_name != NULL && + union_name->name_type != GSS_C_NO_OID && g_OID_equal(display_as_name_type, union_name->name_type)) { status = (*mech->gss_display_name)(minor_status, union_name->mech_name, @@ -114,7 +115,8 @@ gss_display_name_ext (OM_uint32 *minor_status, return status; } - if (!g_OID_equal(display_as_name_type, union_name->name_type)) + if (union_name->name_type == GSS_C_NO_OID || + !g_OID_equal(display_as_name_type, union_name->name_type)) return GSS_S_UNAVAILABLE; if ((output_name_buffer->value = -- 2.47.2