oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gss: zero spnego mechanism token error buffer

Browse Source 
Ensure mechanism error token buffer, which is allocated on the stack, is zero'd
out before freeing containing ASN.1 structure
This commit is contained in:
Luke Howard
2021-08-02 15:54:38 +10:00
parent 33cc416e36
commit 73224fef5a
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
lib/gssapi/spnego/accept_sec_context.c
View File

@@ -35,7 +35,7 @@
static OM_uint32 static OM_uint32
send_reject (OM_uint32 *minor_status, send_reject (OM_uint32 *minor_status,
gss_buffer_t mech_token, gss_const_buffer_t mech_token,
gss_buffer_t output_token) gss_buffer_t output_token)
{ {
NegotiationToken nt; NegotiationToken nt;
@@ -64,6 +64,7 @@ send_reject (OM_uint32 *minor_status,
ASN1_MALLOC_ENCODE(NegotiationToken, ASN1_MALLOC_ENCODE(NegotiationToken,
output_token->value, output_token->length, &nt, output_token->value, output_token->length, &nt,
&size, *minor_status); &size, *minor_status);
nt.u.negTokenResp.responseToken = NULL; /* allocated on stack */
free_NegotiationToken(&nt); free_NegotiationToken(&nt);
if (*minor_status != 0) if (*minor_status != 0)
return GSS_S_FAILURE; return GSS_S_FAILURE;