svn rev #24592: trunk/src/lib/gssapi/mechglue/

ghudson@MIT.EDU ghudson at MIT.EDU
Mon Jan 10 15:32:56 EST 2011 

http://src.mit.edu/fisheye/changelog/krb5/?cs=24592
Commit By: ghudson
Log Message:
ticket: 6817

Tighten up the error handling in the mechglue's gss_canonicalize_name,
eliminating a null pointer dereference in the (unlikely) case that
allocation of out_union fails.  Reported by aberry at likewise.com.



Changed Files:
U   trunk/src/lib/gssapi/mechglue/g_canon_name.c
Modified: trunk/src/lib/gssapi/mechglue/g_canon_name.c
===================================================================
--- trunk/src/lib/gssapi/mechglue/g_canon_name.c	2011-01-10 18:25:36 UTC (rev 24591)
+++ trunk/src/lib/gssapi/mechglue/g_canon_name.c	2011-01-10 20:32:56 UTC (rev 24592)
@@ -64,7 +64,7 @@
 gss_name_t *output_name;
 {
 	gss_union_name_t in_union, out_union = NULL, dest_union = NULL;
-	OM_uint32 major_status = GSS_S_FAILURE;
+	OM_uint32 major_status = GSS_S_FAILURE, tmpmin;
 
 	major_status = val_canon_name_args(minor_status,
 					   input_name,
@@ -151,38 +151,20 @@
 	return (GSS_S_COMPLETE);
 
 allocation_failure:
-	/* do not delete the src name external name format */
-	if (output_name) {
-		if (out_union->external_name) {
-			if (out_union->external_name->value)
-				free(out_union->external_name->value);
-			free(out_union->external_name);
-		}
-		if (out_union->name_type)
-			(void) gss_release_oid(minor_status,
-					    &out_union->name_type);
-
-		dest_union = out_union;
-	} else
-		dest_union = in_union;
-
-	/*
-	 * delete the partially created mech specific name
-	 * applies for both src and dest which ever is being used for output
-	 */
-
-	if (dest_union->mech_name) {
-		(void) gssint_release_internal_name(minor_status,
-						dest_union->mech_type,
-						&dest_union->mech_name);
+	if (out_union) {
+	    /* Release the partly constructed out_union. */
+	    gss_name_t name = (gss_name_t)out_union;
+	    (void) gss_release_name(&tmpmin, &name);
+	} else if (!output_name) {
+	    /* Release only the mech name fields in in_union. */
+	    if (in_union->mech_name) {
+		(void) gssint_release_internal_name(&tmpmin,
+						    dest_union->mech_type,
+						    &dest_union->mech_name);
+	    }
+	    if (in_union->mech_type)
+		(void) gss_release_oid(&tmpmin, &dest_union->mech_type);
 	}
 
-	if (dest_union->mech_type)
-		(void) gss_release_oid(minor_status, &dest_union->mech_type);
-
-
-	if (output_name)
-		free(out_union);
-
 	return (major_status);
 } /**********  gss_canonicalize_name ********/

More information about the cvs-krb5 mailing list