gss: honor GM_USE_MG_NAME in gss_accept_sec_context()
GM_USE_MG_NAME was not honored in the case where the mechanism emitted a name, but the caller of gss_accept_sec_context() did not request it be returned. This would result in m->gm_release_name() being called on the mechglue name, which would crash either because that function pointer was NULL or because it would have expected a mechanism name.
This commit is contained in:
Luke Howard
@@ -335,11 +335,12 @@ got_one:
|
|||||||
if (mech_type)
|
if (mech_type)
|
||||||
*mech_type = mech_ret_type;
|
*mech_type = mech_ret_type;
|
||||||
|
|
||||||
if (src_name && src_mn && (ctx->gc_mech->gm_flags & GM_USE_MG_NAME)) {
|
if (src_name && src_mn) {
|
||||||
|
if (ctx->gc_mech->gm_flags & GM_USE_MG_NAME) {
|
||||||
/* Negotiation mechanisms use mechglue names as names */
|
/* Negotiation mechanisms use mechglue names as names */
|
||||||
*src_name = src_mn;
|
*src_name = src_mn;
|
||||||
src_mn = GSS_C_NO_NAME;
|
src_mn = GSS_C_NO_NAME;
|
||||||
} else if (src_name && src_mn) {
|
} else {
|
||||||
/*
|
/*
|
||||||
* Make a new name and mark it as an MN.
|
* Make a new name and mark it as an MN.
|
||||||
*
|
*
|
||||||
@@ -355,9 +356,15 @@ got_one:
|
|||||||
}
|
}
|
||||||
*src_name = (gss_name_t) name;
|
*src_name = (gss_name_t) name;
|
||||||
src_mn = GSS_C_NO_NAME;
|
src_mn = GSS_C_NO_NAME;
|
||||||
|
}
|
||||||
} else if (src_mn) {
|
} else if (src_mn) {
|
||||||
|
if (ctx->gc_mech->gm_flags & GM_USE_MG_NAME) {
|
||||||
|
_gss_mg_release_name((struct _gss_name *)src_mn);
|
||||||
|
src_mn = GSS_C_NO_NAME;
|
||||||
|
} else {
|
||||||
m->gm_release_name(minor_status, &src_mn);
|
m->gm_release_name(minor_status, &src_mn);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (mech_ret_flags & GSS_C_DELEG_FLAG) {
|
if (mech_ret_flags & GSS_C_DELEG_FLAG) {
|
||||||
if (!delegated_cred_handle) {
|
if (!delegated_cred_handle) {
|
||||||
|
|||||||
Reference in New Issue
Block a user