oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gss: honor GM_USE_MG_NAME in gss_accept_sec_context()

Browse Source 
GM_USE_MG_NAME was not honored in the case where the mechanism emitted a name,
but the caller of gss_accept_sec_context() did not request it be returned. This
would result in m->gm_release_name() being called on the mechglue name, which
would crash either because that function pointer was NULL or because it would
have expected a mechanism name.
This commit is contained in:
Luke Howard
2021-08-01 21:41:03 +10:00
parent b8728cae14
commit 221c295d5d
1 changed files with 26 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
lib/gssapi/mech/gss_accept_sec_context.c
View File

@@ -335,28 +335,35 @@ got_one:
if (mech_type)
*mech_type = mech_ret_type;
if (src_name && src_mn && (ctx->gc_mech->gm_flags & GM_USE_MG_NAME)) {
/* Negotiation mechanisms use mechglue names as names */
*src_name = src_mn;
src_mn = GSS_C_NO_NAME;
} else if (src_name && src_mn) {
/*
* Make a new name and mark it as an MN.
*
* Note that _gss_create_name() consumes `src_mn' but doesn't
* take a pointer, so it can't set it to GSS_C_NO_NAME.
*/
struct _gss_name *name = _gss_create_name(src_mn, m);
if (src_name && src_mn) {
if (ctx->gc_mech->gm_flags & GM_USE_MG_NAME) {
/* Negotiation mechanisms use mechglue names as names */
*src_name = src_mn;
src_mn = GSS_C_NO_NAME;
} else {
/*
* Make a new name and mark it as an MN.
*
* Note that _gss_create_name() consumes `src_mn' but doesn't
* take a pointer, so it can't set it to GSS_C_NO_NAME.
*/
struct _gss_name *name = _gss_create_name(src_mn, m);
if (!name) {
m->gm_release_name(minor_status, &src_mn);
gss_delete_sec_context(&junk, context_handle, NULL);
return (GSS_S_FAILURE);
if (!name) {
m->gm_release_name(minor_status, &src_mn);
gss_delete_sec_context(&junk, context_handle, NULL);
return (GSS_S_FAILURE);
}
*src_name = (gss_name_t) name;
src_mn = GSS_C_NO_NAME;
}
*src_name = (gss_name_t) name;
src_mn = GSS_C_NO_NAME;
} else if (src_mn) {
m->gm_release_name(minor_status, &src_mn);
if (ctx->gc_mech->gm_flags & GM_USE_MG_NAME) {
_gss_mg_release_name((struct _gss_name *)src_mn);
src_mn = GSS_C_NO_NAME;
} else {
m->gm_release_name(minor_status, &src_mn);
}
}
if (mech_ret_flags & GSS_C_DELEG_FLAG) {