svn rev #22099: branches/krb5-1-7/src/lib/gssapi/spnego/
tlyu@MIT.EDU
Mon Mar 16 13:58:53 EDT 2009
http://src.mit.edu/fisheye/changelog/krb5/?cs=22099
Commit By: tlyu
Log Message:
ticket: 6402
version_fixed: 1.7
pull up r22084 from trunk
acc_ctx_new() can return an error condition without establishing a
SPNEGO context structure. This can cause a null pointer dereference
in cleanup code in spnego_gss_accept_sec_context().
Changed Files:
U branches/krb5-1-7/src/lib/gssapi/spnego/spnego_mech.c
Modified: branches/krb5-1-7/src/lib/gssapi/spnego/spnego_mech.c
===================================================================
--- branches/krb5-1-7/src/lib/gssapi/spnego/spnego_mech.c 2009-03-16 16:54:40 UTC (rev 22098)
+++ branches/krb5-1-7/src/lib/gssapi/spnego/spnego_mech.c 2009-03-16 17:58:53 UTC (rev 22099)
@@ -1650,7 +1650,8 @@
&negState, &return_token);
}
cleanup:
- if (return_token != NO_TOKEN_SEND && return_token != CHECK_MIC) {
+ if (return_token == INIT_TOKEN_SEND ||
+ return_token == CONT_TOKEN_SEND) {
/* For acceptor-sends-first send a tokenInit */
int tmpret;
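Review bot: The new test at the cleanup: label avoids the null dereference only indirectly. It assumes return_token is never INIT_TOKEN_SEND or CONT_TOKEN_SEND when acc_ctx_new() has failed without establishing a context, and nothing in the visible lines states or enforces that. Suggest a short comment above the condition recording that invariant, since the existing comment only mentions the acceptor-sends-first tokenInit case. Alternatively, add an explicit check that the context is non-null before the block uses it. Because the condition now lists the two sending states instead of excluding two others, any other value of return_token skips this block, so it is also worth confirming that return_token is initialized before every jump to cleanup.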