From 7cdc9934b1f57cd130f9561c624f799485dd980f Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Mon, 27 Apr 2020 14:38:33 +1000
Subject: [PATCH] gss: initialize output parameters in NegoEx

NegoEx failed to initialize output parameters in _gss_negoex_{init,accept} which could lead it to crash if the underlying mechanism returned an error.
---
 lib/gssapi/spnego/negoex_ctx.c | 6 ++++++
 lib/gssapi/spnego/spnego_locl.h | 1 +
 2 files changed, 7 insertions(+)

diff --git a/lib/gssapi/spnego/negoex_ctx.c b/lib/gssapi/spnego/negoex_ctx.c
index dd4a88078..73ace4d80 100644
--- a/lib/gssapi/spnego/negoex_ctx.c
+++ b/lib/gssapi/spnego/negoex_ctx.c
@@ -783,6 +783,8 @@ _gss_negoex_init(OM_uint32 *minor,
 size_t nmessages = 0;
 int send_alert = FALSE, mech_error = FALSE;
+ _mg_buffer_zero(output_token);
+
 if (ctx->negoex_step == 0 && input_token != GSS_C_NO_BUFFER && input_token->length != 0) return GSS_S_DEFECTIVE_TOKEN;
@@ -901,6 +903,10 @@ _gss_negoex_accept(OM_uint32 *minor,
 size_t nmessages;
 int send_alert = FALSE, mech_error = FALSE;
+ _mg_buffer_zero(output_token);
+ if (deleg_cred)
+ *deleg_cred = GSS_C_NO_CREDENTIAL;
+
 if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
 major = GSS_S_DEFECTIVE_TOKEN;
 goto cleanup;
diff --git a/lib/gssapi/spnego/spnego_locl.h b/lib/gssapi/spnego/spnego_locl.h
index 9b0e3310f..6c0ddc956 100644
--- a/lib/gssapi/spnego/spnego_locl.h
+++ b/lib/gssapi/spnego/spnego_locl.h
@@ -68,6 +68,7 @@
 #include
 #include
+#include
 #include "spnego_asn1.h"
 #include "negoex_locl.h"
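Review bot: The early `return GSS_S_DEFECTIVE_TOKEN;` in `_gss_negoex_init`, directly below the added `_mg_buffer_zero(output_token);`, still leaves `*minor` unassigned on that path, so a caller that logs or maps the minor status there would read a stale or indeterminate value unless it was set before the call. Since the added line already gives the function defined outputs on entry, putting `*minor = 0;` next to it would cover this return as well. The same question applies to the first `goto cleanup` in the `_gss_negoex_accept` hunk, unless the cleanup label (outside the hunk) assigns it. Both function bodies start and end outside the hunks, so an earlier assignment cannot be ruled out from here.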
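Review bot: In `_gss_negoex_accept`, `output_token` is handed to `_mg_buffer_zero()` unconditionally while `deleg_cred` gets an explicit null check on the next line; that asymmetry is safe only if the macro itself accepts `GSS_C_NO_BUFFER`, and its definition is not part of this patch (presumably it comes from the header added in spnego_locl.h). If it does, a short comment above the two initializations would record that, along with the requirement that they stay ahead of the first `goto cleanup`, e.g. `/* Outputs must be defined before the first goto cleanup; _mg_buffer_zero() ignores a null buffer. */`. The function body continues outside the hunk, so the remaining output parameters, if any, could not be checked.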