From: Simo Sorce Date: Tue, 14 Aug 2012 13:14:15 +0000 (+0200) Subject: Avoid leaks on gss_accept_sec_context errors X-Git-Tag: krb5-1.11-alpha1~173 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=56feee187579905c9101b0cdbdd8c6a850adcfc9;p=thirdparty%2Fkrb5.git Avoid leaks on gss_accept_sec_context errors Failure handling during the postprocessing of mech->gss_accept_sec_context was inconsistent. In one case we delete the output token but leave the partly-constructed context present in *context_handle (violating RFC 2744 if this is the first call); in other cases we leave the output token in the caller's buffer but do destroy the partly-constructed context. Make this more consistent by always destroying the output token and partly-constructed context. (RFC 2744 prefers, but does not require, leaving the partly-constructed context present on error if it was present on entry. At the moment we are ignoring that preference.) [ghudson@mit.edu: Rewrote commit message with more details] --- diff --git a/src/lib/gssapi/mechglue/g_accept_sec_context.c b/src/lib/gssapi/mechglue/g_accept_sec_context.c index f6afc4517e..85e41d3101 100644 --- a/src/lib/gssapi/mechglue/g_accept_sec_context.c +++ b/src/lib/gssapi/mechglue/g_accept_sec_context.c @@ -236,12 +236,10 @@ gss_cred_id_t * d_cred; &temp_minor_status, mech, internal_name, &tmp_src_name); if (temp_status != GSS_S_COMPLETE) { + status = temp_status; *minor_status = temp_minor_status; map_error(minor_status, mech); - if (output_token->length) - (void) gss_release_buffer(&temp_minor_status, - output_token); - return (temp_status); + goto error_out; } *src_name = tmp_src_name; } else @@ -329,6 +327,9 @@ error_out: (void) gss_release_buffer(&temp_minor_status, (gss_buffer_t)tmp_src_name); + if (output_token->length) + (void) gss_release_buffer(&temp_minor_status, output_token); + return (status); } #endif /* LEAN_CLIENT */
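Review bot: The new `goto error_out` sends this failure through cleanup that, in the second hunk's context lines, releases `tmp_src_name` with `gss_release_buffer(&temp_minor_status, (gss_buffer_t)tmp_src_name)`. Assuming `tmp_src_name` is a `gss_name_t`, as its assignment to `*src_name` suggests, a buffer release would read the name structure's leading fields as a length and a pointer to free. If that assumption holds, `(void) gss_release_name(&temp_minor_status, &tmp_src_name);` looks like the matching call. Whether a failed conversion leaves `tmp_src_name` unset is not visible, because the call itself and the rest of the `error_out` cleanup start outside the hunks; a one-line comment stating that invariant next to the `goto` would help.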
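Review bot: The `gss_release_buffer` call added at `error_out` runs for every failure that jumps to the label, not only the post-processing failure changed in the first hunk. If any of those jumps follows a mechanism call that failed but filled `output_token` with an error token meant for the initiator, that token is now discarded and the peer receives no mechanism-level error. The jumps are outside the hunk, so this needs checking against the whole function. If such a path exists, either restrict the release to the post-processing failures or record the decision at the label, for example `/* Any token produced before the failure, including a mechanism error token, is dropped here. */`.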