oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

gss: initialize output parameters in NegoEx

Browse Source 
NegoEx failed to initialize output parameters in _gss_negoex_{init,accept}
which could lead it to crash if the underlying mechanism returned an error.
This commit is contained in:
Luke Howard
2020-04-27 14:38:33 +10:00
parent 56842561f8
commit 7cdc9934b1
2 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/gssapi/spnego/negoex_ctx.c
View File

@@ -783,6 +783,8 @@ _gss_negoex_init(OM_uint32 *minor,
size_t nmessages = 0; size_t nmessages = 0;
int send_alert = FALSE, mech_error = FALSE; int send_alert = FALSE, mech_error = FALSE;
_mg_buffer_zero(output_token);
if (ctx->negoex_step == 0 && input_token != GSS_C_NO_BUFFER && if (ctx->negoex_step == 0 && input_token != GSS_C_NO_BUFFER &&
input_token->length != 0) input_token->length != 0)
return GSS_S_DEFECTIVE_TOKEN; return GSS_S_DEFECTIVE_TOKEN;
@@ -901,6 +903,10 @@ _gss_negoex_accept(OM_uint32 *minor,
size_t nmessages; size_t nmessages;
int send_alert = FALSE, mech_error = FALSE; int send_alert = FALSE, mech_error = FALSE;
_mg_buffer_zero(output_token);
if (deleg_cred)
*deleg_cred = GSS_C_NO_CREDENTIAL;
if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) { if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
major = GSS_S_DEFECTIVE_TOKEN; major = GSS_S_DEFECTIVE_TOKEN;
goto cleanup; goto cleanup;

1
lib/gssapi/spnego/spnego_locl.h
View File

@@ -68,6 +68,7 @@
#include <asn1_err.h> #include <asn1_err.h>
#include <gssapi_mech.h> #include <gssapi_mech.h>
#include <mech_locl.h>
#include "spnego_asn1.h" #include "spnego_asn1.h"
#include "negoex_locl.h" #include "negoex_locl.h"