oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Don't use mech default cred when input cred isn't

Browse Source 
gss_init_sec_context() with input_cred_handle != GSS_C_NO_CREDENTIAL
should NOT proceed if there is no element in the given credential for
the requested mechanism.
This commit is contained in:
Nicolas Williams
2015-04-17 10:49:39 -05:00
parent 420c080a8f
commit 290e2430c4
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
lib/gssapi/mech/gss_init_sec_context.c
View File

@@ -172,7 +172,7 @@ gss_init_sec_context(OM_uint32 * minor_status,
major_status = _gss_find_mn(minor_status, name, mech_type, &mn);
if (major_status != GSS_S_COMPLETE) {
if (allocated_ctx)
free(ctx);
free(ctx);
return major_status;
}
@@ -184,6 +184,13 @@ gss_init_sec_context(OM_uint32 * minor_status,
else
cred_handle = _gss_mech_cred_find(initiator_cred_handle, mech_type);
if (initiator_cred_handle != GSS_C_NO_CREDENTIAL &&
cred_handle == NULL) {
if (allocated_ctx)
free(ctx);
return GSS_S_NO_CRED;
}
major_status = m->gm_init_sec_context(minor_status,
cred_handle,
&ctx->gc_ctx,